Announce: OpenSSH 6.2 released
Andy Tsouladze
andyb1 at andy-t.org
Sat Mar 23 01:57:04 EST 2013
> * sshd(8): Added support for multiple required authentication in SSH
> protocol 2 via an AuthenticationMethods option. This option lists
> one or more comma-separated lists of authentication method names.
> Successful completion of all the methods in any list is required for
> authentication to complete. This allows, for example, requiring a
> user having to authenticate via public key or GSSAPI before they
> are offered password authentication.
I have compiled and installed openssh-6.2, and configured it to use
AuthenticationMethods publickey,password
It works well but it returns a message "Authenticated with partial
success." after the key is accepted. If I change the order of
authentication to be `password,publickey', the same message is returned
after password is accepted. IMHO, no message should be printed until full
authentication is completed, because "partial success" will give an
attacker a clue as to what is going on. Can this message be suppressed?
If so, does it require a patch, or just some config option?
Regards,
Andy
Dr Andy Tsouladze
Sr Unix/Storage SysAdmin
More information about the openssh-unix-dev
mailing list