Suggestion: SSHD pseudo/fake mode. Source available.

Darren Tucker dtucker at zip.com.au
Sun Feb 27 16:11:07 EST 2005


Daniel Kastenholz wrote:
> However, the daemon behaves slightly different when the "DenyUsers *" 
> option is used. By default, sshd disconnects when the third wrong set of 
> credentials has been provided. With "DenyUsers *", this always happens 
> after the first attempt.

Any such differences in behaviour ought to be found and fixed.

Under what circumstances does this occur?  (Compile options, config 
options, authentication method, valid/invalid user?)  A quick test here 
with 3.9p1 shows the same behaviour for password and pubkey authentication 
(ie sshd just denies the auth attempt and the client can retry, up until 
the client disconnects or the MaxAuthTries limit is reached).

Could you post the server-side debugging for both instances?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list