multiple password prompts for a locked account

Damien Miller djm at
Tue Mar 25 09:27:15 EST 2003

Srinidhi H wrote:
> Hi,
> Please forgive me if this the wrong list for my query or if this topic 
> is already covered. I searched through the archive but could not find 
> any information.
> Here is my problem. If I enable more than one authentication method (say 
> public key, keyboard interaction,password) at my SSH server and try to 
> login using a locked/expired user account, server prompts for password 
> for each authentication method . Since user is already locked isn't it 
> better to stop at the first authentication method (i.e. publickey) with 
> a appropriate error message? Otherwise this unnecessarily forces the 
> user to enter password for each authentication method even though it is 
> known that all the methods will fail.
> Is there any reason why it is implemented this way? (which I am obviosly 
> missing here)

To stop early would allow probing of existing usernames and allowed authentication methods.


More information about the openssh-unix-dev mailing list