| Summary: | AuthenticationMethods - partial success is considered as failure |
|---|---|
| Product: | Portable OpenSSH |
| Component: | sshd |
| Status: | CLOSED FIXED |
| Severity: | normal |
| Priority: | P5 |
| Version: | 6.6p1 |
| Hardware: | Other |
| OS: | Linux |
| Reporter: | Petr Lautrbach <plautrba> |
| Assignee: | Assigned to nobody <unassigned-bugs> |
| CC: | djm |
| Bug Depends on: | |
| Bug Blocks: | 2266 |
| Attachments: | |

I believe this is fixed in the latest tree. Thanks.

```
commit 058f839fe15c51be8b3a844a76ab9a8db550be4f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Dec 18 23:58:04 2014 +0000

    upstream commit

    don't count partial authentication success as a failure against MaxAuthTries; ok deraadt@
```

openssh-6.8 is released

Created attachment 2468
don't increment failures in case of partial success

sshd logs auth failure even if there was no failed attempt in authentication when using AuthenticationMethods, see logs:

```
debug3: userauth_finish: failure partial=0 next methods="password" [preauth]
debug1: userauth-request for user plautrba service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
...
debug3: userauth_finish: failure partial=1 next methods="publickey" [preauth]
debug1: userauth-request for user plautrba service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 1 [preauth]
```

The problem is in the auth2.c code which doesn't take into account partial success and increments authctxt->failures as authenticated is set to 0.
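
A check for the symptom in this report, added here as an example and not part of the bug thread or of OpenSSH: it scans sshd debug output for a `failures` counter that rises on the request directly after a `partial=1` result. The function name, the grouping by an `sshd[pid]` syslog prefix, and the two constructed logs are assumptions of the example.

```python
import re

FINISH_RE = re.compile(r'userauth_finish: failure partial=([01]) next methods="([^"]*)"')
ATTEMPT_RE = re.compile(r"attempt (\d+) failures (\d+)")
PID_RE = re.compile(r"sshd\[(\d+)\]")  # assumed syslog prefix; absent in the report's log

def find_miscounted_partials(lines):
    """Return (conn, attempt, before, after, next_methods) for every request
    whose failures counter rose directly after a partial=1 userauth_finish."""
    state = {}      # conn -> [last failures value, next-methods of pending partial]
    findings = []
    for line in lines:
        pid = PID_RE.search(line)
        conn = pid.group(1) if pid else "-"   # "-" groups lines without a pid prefix
        st = state.setdefault(conn, [None, None])
        fin = FINISH_RE.search(line)
        if fin:
            # Remember only partial successes; a partial=0 result is a real failure.
            st[1] = fin.group(2) if fin.group(1) == "1" else None
            continue
        att = ATTEMPT_RE.search(line)
        if att:
            attempt, failures = int(att.group(1)), int(att.group(2))
            if st[1] is not None and st[0] is not None and failures > st[0]:
                findings.append((conn, attempt, st[0], failures, st[1]))
            st[0], st[1] = failures, None
    return findings

# Log lines quoted in the report above.
REPORTED_LOG = [
    'debug3: userauth_finish: failure partial=0 next methods="password" [preauth]',
    'debug1: attempt 1 failures 0 [preauth]',
    'debug3: userauth_finish: failure partial=1 next methods="publickey" [preauth]',
    'debug1: attempt 2 failures 1 [preauth]',
]
# Constructed: the same exchange with the counter untouched by the partial success.
FIXED_LOG = REPORTED_LOG[:3] + ['debug1: attempt 2 failures 0 [preauth]']
# Constructed: a rejected password (partial=0) is a genuine failure and is not flagged.
REAL_FAILURE_LOG = [
    'sshd[4242]: debug1: attempt 1 failures 0 [preauth]',
    'sshd[4242]: debug3: userauth_finish: failure partial=0 next methods="password" [preauth]',
    'sshd[4242]: debug1: attempt 2 failures 1 [preauth]',
]

if __name__ == "__main__":
    for name, log in [("reported", REPORTED_LOG), ("fixed", FIXED_LOG),
                      ("real failure", REAL_FAILURE_LOG)]:
        print(name, find_miscounted_partials(log))
```
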