[Bug 3439] identify password prompts

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Jun 27 16:55:51 AEST 2022


Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to tar.ancalime.numenor from comment #0)
> I have no idea who prints the respective prompts, I'd assume the
> normal passphrase prompt is printed by OpenSSH client, but the OTP
> prompt by the remote server?

There are two types of prompts:
1) Prompts for ssh "password" authentication method.  These are
generated by the client and look like this (and have for quite some

$ ssh -o preferredauthentications=password localhost
dtucker at localhost's password: 

2) prompts for "keyboard-interactive" authentication method.  These are
generated by the server (usually via the PAM config) and can look like
pretty much anything.  For a simple PAM configuration with password
authentication they'll typically look something like "Password: ", but
could be your OTP prompts if that's what you have.  Since 8.5, these
with be prefixed by "(user at host)" to identify them:

$ ssh -o preferredauthentications=keyboard-interactive localhost
(dtucker at localhost) Password:

If you can reproduce this behaviour with 9.0 or above, please reopen
this bug and attach the full debug output "ssh -vvv yourserver"
demonstrating the problem.

You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list