[Bug 2249] sshd ignores PAM_MAXRETRIES pam return value
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Jun 25 21:32:56 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2249
--- Comment #1 from Matthijs Kooijman <matthijs at stdin.nl> ---
It seems things are a bit less obvious when I thought. When I try to
reproduce the log message by trying to log in with dummy passwords, it
seems sshd kicks me out after 3 tries:
Jun 25 13:26:12 login sshd[6762]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=84-245-29-136.dsl.cambrium.nl user=root
Jun 25 13:26:14 login sshd[6762]: Failed password for root from
84.245.29.136 port 44444 ssh2
Jun 25 13:26:16 login sshd[6762]: Failed password for root from
84.245.29.136 port 44444 ssh2
Jun 25 13:26:18 login sshd[6762]: Failed password for root from
84.245.29.136 port 44444 ssh2
Jun 25 13:26:18 login sshd[6762]: Connection closed by 84.245.29.136
[preauth]
Jun 25 13:26:18 login sshd[6762]: PAM 2 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser=
rhost=84-245-29-136.dsl.cambrium.nl user=root
This log suggests that the client actually closed the connection, not
the server. Is there perhaps some limit builtin to the ssh client?
I also see this in my logs, presumably from a password bruteforcer that
might be violating the SSH protocol?
Jun 25 11:28:58 login sshd[6419]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.10.191.168
user=root
Jun 25 11:29:01 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:03 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:05 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:07 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:09 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:12 login sshd[6419]: Failed password for root from
116.10.191.168 port 37803 ssh2
Jun 25 11:29:12 login sshd[6419]: Disconnecting: Too many
authentication failures for root [preauth]
Jun 25 11:29:12 login sshd[6419]: PAM 5 more authentication failures;
logname= uid=0 euid=0 tty=ssh ruser= rhost=116.10.191.168 user=root
Jun 25 11:29:12 login sshd[6419]: PAM service(sshd) ignoring max
retries; 6 > 3
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list