Why there is a difference in MaxAuthTries behavior ?

Damien Miller djm at mindrot.org
Thu Feb 12 08:47:42 AEDT 2015


On Wed, 11 Feb 2015, Iain Morgan wrote:

> On Tue, Feb 10, 2015 at 14:32:44 +0530, sshuser GA wrote:
> > Hi,
> > 
> >   I understand MaxAuthTries is a parameter used to restrict the maximum
> > number of authentication attempts. But I notice a difference in behavior
> > when run from different client  versions.
> >   The MaxAuthTries at the server side is 6.  The server side is running
> > OpenSSH 6.6 version.
> >   When  wrong password is given from an openssh client 6.1 version, it
> > disconnects after 3 attempts.
> >   When  wrong password is given from an openssh client 6.6 version, it
> > disconnects after 5 attempts.
> > 
> >   What is the reason for this difference ?  Shouldn't the behavior be the
> > same, across both the clients, since MaxAuthTries is a server side
> > parameter?
> > 
> 
> Keep in mind that MaxAuthTries is applied against _all_ authentication
> methods -- not just password authentication. If you use ssh -v, I expect
> that you will see that the apparent discrepancy is due to public-key or
> hostbased authentication attempts.
> 
> Also, it may be that your clients have NumberOfPasswordPrompts set
> inconsistently.

Or your server was patched to ignore public key queries (also in HEAD).


More information about the openssh-unix-dev mailing list