[Bug 561] Please implement MaxAuthTries

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue May 13 00:53:20 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=561

           Summary: Please implement MaxAuthTries
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: wmertens at gentoo.org


Hi, 
 
When using Commercial SSH to connect to OpenSSH, it can happen that a user has many keys 
and this results in a failure to log in due to "Too many authentication failures". 
 
The problem is documented at http://www.tartarus.org/~simon/puttydoc/Chapter10.html#10.5 : 
 
10.5 "Server sent disconnect message type 2 (SSH_DISCONNECT_PROTOCOL_ERROR): 
"Too many authentication failures for root"" 
 
  
 
This message is produced by an OpenSSH (or Sun SSH) server if it receives more failed 
authentication attempts than it is willing to tolerate. This can easily happen if you are using 
Pageant and have a large number of keys loaded into it. This can be worked around on the server by 
disabling public-key authentication or (for Sun SSH only) by increasing MaxAuthTries in 
sshd_config. Neither of these is a really satisfactory solution, and we hope to provide a better one in 
a future version of PuTTY. 
 
You might not want to implement a MaxAuthTries, but at least something must be done so that 
broken clients can connect (and asking the user to remove some keys from their agent is not it 
IMHO). 
 
Thanks!



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-unix-dev mailing list