search for: hostbass

...can be used by hostbased authentication before the user has a chance to attempt public-key or password authentication. This situation can be made even worse if a host certificate is also available. It would be helpful if there was a mechanism to limit the number of authentication attempts used by hostbassed authentication, so that a reasonable number still remain for other authentication methods if hostbased authentication fails. A simple solution would be to add support for an ssh_config(5) option to limit the number of attempts, such as HostbasedMaxTries or MaxHostbasedAuthTries. A more flexible...