OpenSSH v6.7 & NumberOfPasswordPrompts Option ...
Ángel González
keisial at gmail.com
Fri Jan 16 06:27:39 AEDT 2015
On 15/01/15 16:29, Trey Henefield wrote:
> Greetings,
>
> I discovered an issue in the latest version of SSH, where the number of password prompts are doubled. If I specify 1, I get 2, and so on.
NumberOfPasswordPrompts is a client option. And it is working fine here
on 6.7p1:
Running ssh -vvv -o NumberOfPasswordPrompts=1 testmachine, I only get
asked for a password once, then disconnect.
Could you send us the output of such command on your tests?
(there isn't anything specially sensitive there, but feel free to
obscure any data you son't feel comfortable sharing, such as your
username, host name or key ids...)
Note that at the server side, the option is called MaxAuthTries, and
works differently, counting authentication attempts of any kind.
> For OpenSSH, the server does not specifically constrain the number of
> pasword authentication attempts. MaxAuthTries (default is 6) is the
> maximum number of authentication attempts (of any sort) per connection.
-- Ian Morgan last February on "Issue With SSHD Password Guesses" thread
More information about the openssh-unix-dev
mailing list