Problem and Patch: Multiple keys in ssh.com V2 agent
Richard E. Silverman
res at shore.net
Fri Dec 1 02:18:24 EST 2000
On Thu, 30 Nov 2000, Ulrich Kiermayr wrote:
>
> If I have more than one key in my agent, then the agent tries to
> authenticate me with every one of them at the OpenSSH server; but none
> of them is a valid key for that server. The problem is that the server
> increments the authctxt->attempt at every one of those tries. So even if you
> want to login with a password at that server, you have to disable the
> agent first in order to get that chance. If the agent is running, you run
> out of tries _before_ you are able to enter a password.
This is a known issue. I think the right thing to do is to allow
unlimited public-key checks (i.e. SSH_MSG_USERAUTH_REQUEST's with the
boolean parameter set to FALSE), but count requests that actually contain
a signature (TRUE) against the limit. Markus agreed with me, last time we
corresponded about this.
--
Richard Silverman
slade at shore.net
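
The counting rule proposed in the reply above, sketched as an added example (not OpenSSH code and not part of the original message). It assumes the SSH_MSG_USERAUTH_REQUEST layout later standardized in RFC 4252; counts_against_limit and the sample packets are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH_MSG_USERAUTH_REQUEST 50

/* Read one SSH "string" (uint32 big-endian length + bytes) and advance *off.
 * Returns 0 on success, -1 if the field runs past the end of the packet. */
static int get_string(const uint8_t *p, size_t len, size_t *off,
                      const uint8_t **s, uint32_t *slen)
{
    if (len - *off < 4) return -1;
    *slen = ((uint32_t)p[*off] << 24) | ((uint32_t)p[*off + 1] << 16) |
            ((uint32_t)p[*off + 2] << 8) | p[*off + 3];
    *off += 4;
    if (len - *off < *slen) return -1;
    *s = p + *off;
    *off += *slen;
    return 0;
}

/* Hypothetical policy helper: 1 = charge this request to the attempt limit,
 * 0 = free key query (publickey, boolean FALSE), -1 = malformed packet. */
int counts_against_limit(const uint8_t *p, size_t len)
{
    const uint8_t *s; uint32_t n; size_t off = 1;

    if (len < 1 || p[0] != SSH_MSG_USERAUTH_REQUEST) return -1;
    if (get_string(p, len, &off, &s, &n)) return -1;   /* user name */
    if (get_string(p, len, &off, &s, &n)) return -1;   /* service name */
    if (get_string(p, len, &off, &s, &n)) return -1;   /* method name */
    if (n != 9 || memcmp(s, "publickey", 9) != 0)
        return 1;                  /* password and other methods always count */
    if (off >= len) return -1;     /* boolean flag missing */
    return p[off] != 0;            /* TRUE: a signature follows, so count it */
}

/* Constructed samples: user "u", service "ssh-connection", fake key "k".
 * Each array carries one extra trailing NUL from the string literal. */
#define HDR "\x32\0\0\0\x01u\0\0\0\x0essh-connection"
const uint8_t key_query[] =
    HDR "\0\0\0\x09publickey\0" "\0\0\0\x07ssh-rsa\0\0\0\x01k";
const uint8_t key_signed[] =
    HDR "\0\0\0\x09publickey\x01" "\0\0\0\x07ssh-rsa\0\0\0\x01k\0\0\0\x01s";
const uint8_t pw_request[] = HDR "\0\0\0\x08password\0" "\0\0\0\x02pw";
```

A server using this rule would still want a separate, higher cap on free key queries, since each one costs an authorized-keys lookup and tells the client whether that key is acceptable.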