OpenSSH v6.7 & NumberOfPasswordPrompts Option ...

Ángel González keisial at
Fri Jan 16 06:27:39 AEDT 2015

On 15/01/15 16:29, Trey Henefield wrote:
> Greetings,
> I discovered an issue in the latest version of SSH, where the number of password prompts are doubled. If I specify 1, I get 2, and so on.

NumberOfPasswordPrompts is a client option. And it is working fine here 
on 6.7p1:

Running ssh -vvv -o NumberOfPasswordPrompts=1 testmachine, I only get 
asked for a password once, then disconnect.

Could you send us the output of such command on your tests?
(there isn't anything specially sensitive there, but feel free to 
obscure any data you son't feel comfortable sharing, such as your 
username, host name or key ids...)

Note that at the server side, the option is called MaxAuthTries, and 
works differently, counting authentication attempts of any kind.
> For OpenSSH, the server does not specifically constrain the number of
> pasword authentication attempts. MaxAuthTries (default is 6) is the
> maximum number of authentication attempts (of any sort) per connection.
-- Ian Morgan last February on "Issue With SSHD Password Guesses" thread

More information about the openssh-unix-dev mailing list