search for: numberofpasswordprompt

Greetings, I discovered an issue in the latest version of SSH, where the number of password prompts are doubled. If I specify 1, I get 2, and so on. Best regards, Trey Henefield, CISSP Senior IAVA Engineer Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA Trey.Henefield at ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1

...Message----- From: Daniel Kahn Gillmor [dkg at fifthhorseman.net] Received: Thursday, 15 Jan 2015, 4:03PM To: Trey Henefield [trey.henefield at ultra-ats.com]; ?ngel Gonz?lez [keisial at gmail.com] CC: openssh-unix-dev at mindrot.org [openssh-unix-dev at mindrot.org] Subject: RE: OpenSSH v6.7 & NumberOfPasswordPrompts Option ... On Thu 2015-01-15 15:47:33 -0500, Trey Henefield wrote: > debug3: authmethod_lookup keyboard-interactive > debug3: remaining preferred: password > debug3: authmethod_is_enabled keyboard-interactive > debug1: Next authentication method: keyboard-interactive > debug2: user...

So it appears that I am getting a keyboard-interactive prompt and then a password prompt. Here is the output of the requested command: ssh -vvv -o NumberOfPasswordPrompts=1 -t root at 10.10.2.51 OpenSSH_6.7p1, OpenSSL 1.0.1k-fips 8 Jan 2015 debug1: Reading configuration data /cygdrive/c/progra~1/OpenSSH/etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to 10.10.2.51 [10.10.2.51] port 22. debug1: Connection established. debug1: key_load_public: No s...

...Version: All Status: NEW Severity: normal Priority: P3 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: kreft at belwue.de mdoc2man.awk does not translate line 642 in ssh.1 properly during build: ssh.1: 640: .It NumberOfPasswordPrompts 641: .It PasswordAuthentication 642: .It Port ssh.1.out: 642: .TP 643: NumberOfPasswordPrompts 644: .TP 645: .B 646: .TP 647: Port Apart from leaving out "PasswordAuthentication" this construct isn't appreciated by Solaris8 nroff. Suns implementation skips several paragraph...

Hi, I understand MaxAuthTries is a parameter used to restrict the maximum number of authentication attempts. But I notice a difference in behavior when run from different client versions. The MaxAuthTries at the server side is 6. The server side is running OpenSSH 6.6 version. When wrong password is given from an openssh client 6.1 version, it disconnects after 3 attempts. When wrong

...-o GlobalKnownHostsFile="${EmbeddedKnownHosts}" \ > -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \ > -o StrictHostKeyChecking="yes" \ > -o CheckHostIP="no" \ > -o NumberOfPasswordPrompts=0 \ > ${User}@${Host} 2>/dev/null Then whatever executes this command line does *not* understand (and eat) the "2>/dev/null" like shells of the Bourne family should, hence it winding up in the server-side $SSH_ORIGINAL_COMMAND ... > debug1: server_input_c...

...t a/readconf.c b/readconf.c index 3a64a0441..d7e301e78 100644 --- a/readconf.c +++ b/readconf.c @@ -156,7 +156,7 @@ typedef enum { oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oTCPKeepAlive, oNumberOfPasswordPrompts, - oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs, + oLogFacility, oLogLevel, oLogPath, oLogVerbose, oCiphers, oMacs, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications,...

...ssh.1 (.../.transvn:beginning) (revision 25) +++ openssh-3.8p1/ssh.1 (revision 25) @@ -614,6 +614,7 @@ .It CheckHostIP .It Cipher .It Ciphers +.It CloseCommand .It ClearAllForwardings .It Compression .It CompressionLevel @@ -639,6 +640,7 @@ .It MACs .It NoHostAuthenticationForLocalhost .It NumberOfPasswordPrompts +.It OpenCommand .It PasswordAuthentication .It Port .It PreferredAuthentications Index: sshconnect.h --- openssh-3.8p1.orig/sshconnect.h (.../.transvn:beginning) (revision 25) +++ openssh-3.8p1/sshconnect.h (revision 25) @@ -34,6 +34,10 @@ }; int +ssh_run_command(const char *type, const c...

...Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: fcusack at fcusack.com On the client, I might typically have NumberOfPasswordPrompts 1 and attempt both password and keyboard-interactive authentication. If the server allows both types of auth, I get 2 password prompts (assuming I get the first one wrong). The proposed server option KbdintXORPasswordAuthentication only allows a client to attempt one of the two types, thus givin...

...-- Richard Silverman slade at shore.net ================================================================================ *** ../../openssh-2.5.1p2/readconf.c Wed Feb 14 22:02:00 2001 --- readconf.c Wed Mar 7 00:59:44 2001 *************** *** 109,115 **** oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, ! oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias } OpCodes; /* Textual representations of the tokens. */ --- 109,116 ---- oCompres...

...ownHostsFile="${EmbeddedKnownHosts}" \ > > -o UserKnownHostsFile="${ClientSpecificKnownHosts}" \ > > -o StrictHostKeyChecking="yes" \ > > -o CheckHostIP="no" \ > > -o NumberOfPasswordPrompts=0 \ > > ${User}@${Host} 2>/dev/null > > Then whatever executes this command line does *not* understand (and eat) the > "2>/dev/null" like shells of the Bourne family should, hence it winding up in > the server-side $SSH_ORIGINAL_COMMAND ... >...

...9.9p2/readconf.c Thu Oct 11 22:03:09 2001 @@ -109,7 +109,7 @@ oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, + oCompressionLevel, oKeepAlives, oIdle, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, @@ -178,6 +178,7 @@ { &q...

...alKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, - oPreferredAuthentications + oPreferredAuthentications,oNoopMsgFrequency } OpCodes; /* Textual representations of the tokens. */ @@ -173,6 +173,7 @@ { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "loglevel", oLogLevel }, { "preferredauthentications", oPreferredAuthentications }, + { "noopmsgfrequency", oNoopMsgFrequency }, { NULL, 0 } }; @@ -387,6 +388,10 @@ intptr = &options->keepalives; goto parse_fl...

...2.9p2/readconf.c Thu Aug 23 15:42:37 2001 @@ -106,7 +106,7 @@ oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, + oCompressionLevel, oKeepAlives, oKeepAlivesForward, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, @@ -172,6 +17...

...uot;cipher.h" #include "readconf.h" #include "match.h" +#include "entropy.h" #include "xmalloc.h" #include "compat.h" @@ -105,7 +106,8 @@ oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oIdentityFile2, - oGlobalKnownHostsFile2, oUserKnownHostsFile2, oDSAAuthentication + oGlobalKnownHostsFile2, oUserKnownHostsFile2, oDSAAuthentication, + oPrngCommandFile } OpCodes; /* Textual representations of t...

...+172,8 @@ { "compression", oCompression }, { "compressionlevel", oCompressionLevel }, { "keepalive", oKeepAlives }, + { "BogusTrafficIntervalMax", oBogusTrafficIntervalMax }, + { "BogusTrafficIntervalMin", oBogusTrafficIntervalMin }, { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "loglevel", oLogLevel }, { "dynamicforward", oDynamicForward }, @@ -394,6 +396,42 @@ intptr = &options->keepalives; goto parse_flag; + case oBogusTrafficIntervalMax: + intptr = &options->bogus_traffic_interval_max;...

...pload to server several files (big - more than 100MB and small – less than 1 mb). Command for start: rsync.exe -rlDi -z -t --no-h --progress --stats --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r --delay-updates --delete-after --force --ignore-errors -e "'ssh.exe' -vv -o StrictHostKeyChecking=no -o NumberOfPasswordPrompts=0 -F '.ssh/ssh_config' -i '/cygdrive/C/Windows/TEMP/DRSA4A3.tmp' " -f '- *.lock' "/cygdrive/E/LocalStorage/FILE_ PR_DL - 991486649-0/shares/release/pr_dl/" user at server.kaspersky-labs.com:"/data/pr_dl/" Sometimes, connection is disconnected betwe...

...no GlobalKnownHostsFile /var/ssh/ssh_known_hosts IdentityFile ~/.ssh/identity Port 22 Protocol 1,2 Cipher blowfish EscapeChar ~ KeepAlive yes NumberOfPasswordPrompts 3 tsunami:/[43] ssh -v -l root terl OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f debug1: Seeding random number generator debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: getuid 19350 geteuid 0 anon 1 debug1: Connecting to terl...

...identity Port 22 EscapeChar ~ @@ -101,8 +102,8 @@ oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication, - oUsePrivilegedPort, oLogLevel + oCompressionLevel, oKeepAlives, oTransmitInterlude, oNumberOfPasswordPrompts, + oTISAuthentication, oUsePrivilegedPort, oLogLevel } OpCodes; /* Textual representations of the tokens. */ @@ -148,6 +149,7 @@ { "compression", oCom...

https://bugzilla.mindrot.org/show_bug.cgi?id=2475 Bug ID: 2475 Summary: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled Product: Portable OpenSSH Version: 7.1p1 Hardware: ix86 OS: Linux Status: NEW