Too many public keys
Arthur Mesh
amesh at juniper.net
Wed Apr 3 11:01:35 EST 2013
On Tue, Apr 02, 2013 at 03:57:15PM -0700, Andy Lutomirski wrote:
> Received disconnect from [a.b.c.d]: 2: Too many authentication
> failures for [username]
Would it make sense to split max_authtries into two separate counters:
1) one that counts password/kbd_interactive auth attempts
2) one that counts pubkey/certs auth attempts
One could argue password/kbd_interactive authentication attempts are
much more interesting. Having a low DEFAULT_AUTH_FAIL_MAX for these
would make sense.
Whereas, pubkey/cert auth attempts could have a higher threshold. This
would allow people who have a boatload of different keys to avoid this
problem.
Thoughts?
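
The proposal above, modelled as an added example that is not part of the original post and is not OpenSSH code: one shared failure counter compared with separate counters for password/kbd_interactive and pubkey/cert attempts. All names and the three limits are hypothetical, chosen only for illustration.

```c
#include <stdio.h>

/* Hypothetical limits for illustration; not OpenSSH's code or defaults. */
#define PASSWORD_FAIL_MAX 3   /* password / kbd_interactive attempts */
#define PUBKEY_FAIL_MAX   20  /* pubkey / cert attempts */
#define SINGLE_FAIL_MAX   6   /* assumed limit for the one-counter model */

enum method { M_PUBKEY, M_PASSWORD };

struct authctxt {
    int split;        /* 1 = separate counters per method class */
    int failures;     /* shared counter, used when split == 0 */
    int pw_failures;  /* password/kbd_interactive failures */
    int pk_failures;  /* pubkey/cert failures */
};

/* Record one failed attempt; return 1 if the server should disconnect. */
int auth_fail(struct authctxt *a, enum method m)
{
    if (!a->split)
        return ++a->failures >= SINGLE_FAIL_MAX;
    if (m == M_PASSWORD)
        return ++a->pw_failures >= PASSWORD_FAIL_MAX;
    return ++a->pk_failures >= PUBKEY_FAIL_MAX;
}

/* Client offers n_keys rejected keys, then n_pw wrong passwords.
 * Returns the attempt number that triggered the disconnect, or -1 if
 * the client was never disconnected. */
int simulate(int split, int n_keys, int n_pw)
{
    struct authctxt a = { split, 0, 0, 0 };
    int attempts = 0;

    for (int i = 0; i < n_keys; i++, attempts++)
        if (auth_fail(&a, M_PUBKEY))
            return attempts + 1;
    for (int i = 0; i < n_pw; i++, attempts++)
        if (auth_fail(&a, M_PASSWORD))
            return attempts + 1;
    return -1;
}

int main(void)
{
    /* Constructed scenarios: an agent holding 8 keys, none accepted. */
    printf("shared counter, 8 keys: %d\n", simulate(0, 8, 0));
    printf("split counters, 8 keys: %d\n", simulate(1, 8, 0));
    printf("split counters, 10 passwords: %d\n", simulate(1, 0, 10));
    return 0;
}
```

With the shared counter, rejected key offers also consume the budget a user would need for a later password attempt; with split counters, password guessing is cut off at the lower limit regardless of how many keys were offered first.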