https://bugzilla.novell.com/show_bug.cgi?id=464315
User anicka@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=464315#c1
Anna Bernathova changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |INVALID
--- Comment #1 from Anna Bernathova 2009-02-02 08:47:15 MST ---
It is a change made by upstream. Changelog:
Make protocol 2 MaxAuthTries behaviour a little more sensible:
Check whether client has exceeded MaxAuthTries before running
an authentication method and skip it if they have, previously it
would always allow one try (for "none" auth).
Preincrement failure count before post-auth test - previously this
checked and postincremented, also to allow one "none" try.
Together, these two changes always count the "none" auth method
which could be skipped by a malicious client (e.g. an SSH worm)
to get an extra attempt at a real auth method. They also make
MaxAuthTries=0 a useful way to block users entirely (esp. in a
sshd_config Match block).
Also, move sending of any preauth banner from "none" auth method
to the first call to input_userauth_request(), so worms that skip
the "none" method get to see it too.
Documentation (sshd_config(5)) seems to match this behaviour:
MaxAuthTries
Specifies the maximum number of authentication attempts permitted per
connection. Once the number of failures reaches half this value, additional
failures are logged. The default is 6.
So I think that there is nothing to fix here.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
