Displaying 8 results from an estimated 8 matches for "max_authtries".
2013 Apr 02
4
Too many public keys
Apparently my ssh agent is feeling energetic today:
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: [...]
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: [...]
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key:
2016 Jun 02
2
MaxDisplays configuration option
...0
@@ -96,6 +96,7 @@
options->print_lastlog = -1;
options->x11_forwarding = -1;
options->x11_display_offset = -1;
+ options->max_displays = -1;
options->x11_use_localhost = -1;
options->permit_tty = -1;
options->permit_user_rc = -1;
@@ -327,6 +328,8 @@
options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
if (options->max_sessions == -1)
options->max_sessions = DEFAULT_SESSIONS_MAX;
+ if (options->max_displays == -1)
+ options->max_displays = MAX_DISPLAYS;
if (options->use_dns == -1)
options->use_dns = 0;
if (options->client_alive_interval =...
2015 Jun 18
7
[Bug 2415] New: Public key failures are not counted and therefore not logged into syslog
...Jun 17 08:39:12 vm183 sshd[90005]: Connection closed by 10.65.x.x [preauth]
which is different to normal password authentication.
Further code reading led me to function auth_log() in auth.c:286 where
you can see that the other methods than password should be logged only
if you exceed the half of max_authtries option. That makes sense since
many people just throw their public keys everywhere therefore logging
every failure doesn't make sense.
But as I tried to push more keys to switch on this knob on, it appeared
that in this context, authctxt->failures variable is ALWAYS zero for
pubkey authenti...
2010 Apr 19
1
no logging in auth.log when using wrong ssh keys
...being
logged in auth.log
hans at Draakje:~/src/openssh$ diff -u auth.c auth_new.c
--- auth.c 2010-03-07 01:57:00.000000000 +0100
+++ auth_new.c 2010-04-19 19:58:21.564550068 +0200
@@ -263,6 +263,7 @@
if (authenticated == 1 ||
!authctxt->valid ||
authctxt->failures >= options.max_authtries / 2 ||
+ strcmp(method, "publickey") == 0 ||
strcmp(method, "password") == 0)
authlog = logit;
Perhaps there is a better way to log the failed sshkey logins, but I
couldn't find it (my lack of knowledge probably).
So any comments are welcome....
Hans
--------...
2004 Jul 01
4
[Bug 559] PAM fixes
...;) && /* method 'none' */
>+ !options.permit_empty_passwd && /* none !allowed */
>+ !authenticated)) /* failed auth */
>+ auth_log(authctxt, authenticated, method, " ssh2");
I don't see why this in needed. Until you get to options.max_authtries/2
failures (which used to be hard-coded to AUTH_FAIL_MAX/2 = 3) it will only get
logged at "verbose" level anyway.
>+ if (!options.password_authentication || !options.permit_empty_passwd)
>+ return(0);
Handled in auth-passwd.c (see above).
>- retval = (do_pam_authenticate(0)...
2010 Oct 06
4
Logging Login Attempts
I have passwords turned off, and require keys to match. The zombie armies swarming outside are trying brute force attacks that in part involve guessing login NAMES. If they guess the wrong NAME, this is logged in syslog. If they guess a working user name, then the attack has PARTIALLY SUCCEEDED, but this information is IGNORED. That is, it is not logged. If the zombie army has tell when it
2013 Jan 31
2
OpenSSH NoPty patch
...tModes:
intptr = &options->strict_modes;
goto parse_flag;
@@ -1657,6 +1665,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(x11_display_offset);
M_CP_INTOPT(x11_forwarding);
M_CP_INTOPT(x11_use_localhost);
+ M_CP_INTOPT(no_pty);
M_CP_INTOPT(max_sessions);
M_CP_INTOPT(max_authtries);
M_CP_INTOPT(ip_qos_interactive);
@@ -1883,6 +1892,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
+ dump_cfg_fmtint(sNoPty, o->no_p...
2018 Sep 06
4
Some wishes regarding revoked keys
Hello.
I am trying to play through the following test scenario about
certificate revocation on Ubuntu 18.04, which has OpenSSH of this version:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017
1. A CA key is created
ssh-keygen -t ed25519 -f ca
2. The CA public key is added to ~/.ssh/authorized_keys on some server:
cert-authority ssh-ed25519 AAAA...e ca at yoga
3. A user key is created on a