OpenSSH v6.7 & NumberOfPasswordPrompts Option ...

Trey Henefield trey.henefield at
Fri Jan 16 09:54:20 AEDT 2015

Yes, I have tried that option with no difference in behavior. It seems it ignores that option when provided. Just for reference, I am building it on RedHat 5. I have never had this issue on any previous version of OpenSSH. I use the default configuration with only the changes specified in the RHEL 5 STIG applied.

I appreciate the security advice. The root account was indicated simply as an anonymous indicator. I do have PermitRootLogin=no applied. But this same issue is present regardless of the account provided.

Best regards,

Trey Henefield, CISSP
Senior IAVA Engineer

Ultra Electronics
Advanced Tactical Systems, Inc.
4101 Smith School Road
Building IV, Suite 100
Austin, TX 78744 USA

Trey.Henefield at
Tel: +1 512 327 6795 ext. 647
Fax: +1 512 327 8043
Mobile: +1 512 541 6450

-----Original Message-----
From: Daniel Kahn Gillmor [dkg at]
Received: Thursday, 15 Jan 2015, 4:03PM
To: Trey Henefield [trey.henefield at]; Ángel González [keisial at]
CC: openssh-unix-dev at [openssh-unix-dev at]
Subject: RE: OpenSSH v6.7 & NumberOfPasswordPrompts Option ...

On Thu 2015-01-15 15:47:33 -0500, Trey Henefield wrote:
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> root at's password:
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey,password,keyboard-interactive).
> In the above output, the first prompt is "Password:". The second prompt is "root at's password:"

The first prompt is a keyboard-interactive prompt; the second prompt is
the password prompt.  please try again with



PS if possible, you should probably avoid using password authentication
for the root account anyway, but that's a sideline to the issue you're
seeing here.

The information contained in this communication from trey.henefield at sent at 2015-01-15 17:54:25 is confidential and may be legally privileged.
It is intended solely for use by openssh-unix-dev at and others authorized to receive it. If you are not openssh-unix-dev at you are hereby notified that
any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful.

More information about the openssh-unix-dev mailing list