Why there is a difference in MaxAuthTries behavior ?
Iain Morgan
imorgan at nas.nasa.gov
Thu Feb 12 05:59:44 AEDT 2015
On Tue, Feb 10, 2015 at 14:32:44 +0530, sshuser GA wrote:
> Hi,
>
> I understand MaxAuthTries is a parameter used to restrict the maximum
> number of authentication attempts. But I notice a difference in behavior
> when run from different client versions.
> The MaxAuthTries at the server side is 6. The server side is running
> OpenSSH 6.6 version.
> When wrong password is given from an openssh client 6.1 version, it
> disconnects after 3 attempts.
> When wrong password is given from an openssh client 6.6 version, it
> disconnects after 5 attempts.
>
> What is the reason for this difference ? Shouldn't the behavior be the
> same, across both the clients, since MaxAuthTries is a server side
> parameter?
>
Keep in mind that MaxAuthTries is applied against _all_ authentication
methods -- not just password authentication. If you use ssh -v, I expect
that you will see that the apparent discrepancy is due to public-key or
hostbased authentication attempts.
Also, it may be that your clients have NumberOfPasswordPrompts set
inconsistently.
--
Iain Morgan
More information about the openssh-unix-dev
mailing list