Announce: OpenSSH 6.2 released

Andy Tsouladze andyb1 at
Sat Mar 23 01:57:04 EST 2013

> * sshd(8): Added support for multiple required authentication in SSH
>   protocol 2 via an AuthenticationMethods option. This option lists
>   one or more comma-separated lists of authentication method names.
>   Successful completion of all the methods in any list is required for
>   authentication to complete. This allows, for example, requiring a
>   user having to authenticate via public key or GSSAPI before they
>   are offered password authentication.

I have compiled and installed openssh-6.2, and configured it to use

AuthenticationMethods publickey,password

It works well but it returns a message "Authenticated with partial 
success." after the key is accepted.  If I change the order of 
authentication to be `password,publickey', the same message is returned 
after password is accepted.  IMHO, no message should be printed until full 
authentication is completed, because "partial success" will give an 
attacker a clue as to what is going on.  Can this message be suppressed? 
If so, does it require a patch, or just some config option?



Dr Andy Tsouladze
Sr Unix/Storage SysAdmin

More information about the openssh-unix-dev mailing list