IETF-SSH archive


Re: "too many auth failures"?



On Wed, Oct 27, 2010 at 06:40:09PM +1300, Peter Gutmann wrote:
> Nicolas Williams <Nicolas.Williams%oracle.com@localhost> writes:
> 
> >My view is that servers should have two failure counters: one for password
> >and keyboard-interactive, another one for all others.
> 
> Yeah, I'd thought about that too, but where do you stop?  Which counter type
> would a ZKP use?  Or EKE?  Or IBE?

The distinction relates to password guessing.  ZKP -> same retry counter
as password and keyboard-interactive; same for EKE.  IBE (ID based
encryption?) is not like a password-based method at all.

Methods that might result in MITMs getting material suitable for
off-line dictionary attacks are not special here as no counter on the
server side can help prevent such MITM attacks, but because such methods
are subject to password guessing, they should be subject to the same
counter as password and keyboard-interactive.

> (I still think the real problem isn't the server but the client, how's it
> managing to try six different keys to get to one server?).

Why not?  SSH user public keys are effectively pseudonyms, so you can
see why users might have many of them.  Nothing wrong with that...  On
the server side you don't want a client sucking up resources testing
whether some pubkey or another might work...  so the server says all
might work and the client has to actually sign with those keys, and the
server also has to implement resource controls pre-authentication
(including a timer to disconnect if the client takes too long to
authenticate).

Nico
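The bookkeeping Nico sketches above, written out as a small model: one retry counter for password-guessable methods (password, keyboard-interactive, and, as the reply argues, ZKP and EKE style methods), a second counter for everything else, a public key query phase that costs the client a signature before anything is tested, and a pre-authentication deadline. This is an added illustration for this archive page, not code from OpenSSH or any other SSH implementation. The method names "zkp" and "eke", the limits (3 password-like failures, 6 other failures, 120 second grace period) and the `accept` predicate standing in for the real credential check are all assumptions.

```python
"""Two-counter SSH authentication failure policy (illustrative model only).

Added example for the discussion above; not code from any SSH server.
"zkp"/"eke" are placeholder method names and all limits are assumptions.
"""
import time
from dataclasses import dataclass, field
from enum import Enum


class Counter(Enum):
    PASSWORD_LIKE = "password-like"   # failure == a wrong guess at a memorable secret
    OTHER = "other"                   # publickey, hostbased, gssapi-with-mic, ...


# Methods whose failures should share the password retry counter.
# "zkp" and "eke" are not registered SSH method names; assumed here for the model.
PASSWORD_LIKE_METHODS = frozenset({"password", "keyboard-interactive", "zkp", "eke"})


class AuthResult(Enum):
    CONTINUE = "continue"        # failure recorded, client may try again
    PK_OK = "pk-ok"              # pubkey query answered "might work"; now sign
    SUCCESS = "success"
    DISCONNECT = "disconnect"    # a counter or the grace timer was exhausted


@dataclass
class AuthSession:
    accept: callable                    # (method, credential) -> bool; stands in for the real check
    max_password_like: int = 3          # assumed limit for the password-like counter
    max_other: int = 6                  # assumed limit for the other counter
    grace_seconds: float = 120.0        # assumed pre-authentication deadline
    now: callable = time.monotonic      # injectable clock so the timer can be tested
    failures: dict = field(default_factory=lambda: {Counter.PASSWORD_LIKE: 0, Counter.OTHER: 0})
    started: float = field(init=False)

    def __post_init__(self):
        self.started = self.now()

    @staticmethod
    def classify(method):
        return Counter.PASSWORD_LIKE if method in PASSWORD_LIKE_METHODS else Counter.OTHER

    def expired(self):
        return self.now() - self.started > self.grace_seconds

    def attempt(self, method, credential=None, signed=True):
        """One userauth request.  Unsigned publickey requests are queries and
        are never counted: the server answers "might work" without testing
        the key, so probing costs the client a real signature per key."""
        if self.expired():
            return AuthResult.DISCONNECT
        if method == "publickey" and not signed:
            return AuthResult.PK_OK
        if self.accept(method, credential):
            return AuthResult.SUCCESS
        bucket = self.classify(method)
        self.failures[bucket] += 1
        limit = self.max_password_like if bucket is Counter.PASSWORD_LIKE else self.max_other
        return AuthResult.DISCONNECT if self.failures[bucket] >= limit else AuthResult.CONTINUE


def _accept(method, credential):
    # Constructed credential store: one authorized key and one valid password.
    return (method, credential) in {("publickey", "k6"), ("password", "correct horse")}


def many_keys_demo():
    """Client with six keys; only the sixth is authorized, one bad password in between.
    The five signed pubkey failures land on the OTHER counter and leave the
    password-like counter untouched, so the session still succeeds."""
    s = AuthSession(accept=_accept, now=lambda: 0.0)
    results = []
    for key in ("k1", "k2", "k3", "k4", "k5"):
        results.append(s.attempt("publickey", key, signed=False))   # query -> PK_OK
        results.append(s.attempt("publickey", key))                 # signed, fails
    results.append(s.attempt("password", "hunter2"))                # password-like failure
    results.append(s.attempt("publickey", "k6"))                    # authorized key
    return s, results


def password_guessing_demo():
    """Three wrong passwords exhaust the password-like counter on the third try."""
    s = AuthSession(accept=_accept, now=lambda: 0.0)
    return [s.attempt("password", guess) for guess in ("a", "b", "c")]


def grace_timer_demo():
    """A client that stalls past the grace period is disconnected even with zero failures."""
    clock = [0.0]
    s = AuthSession(accept=_accept, now=lambda: clock[0])
    clock[0] = 121.0
    return s.attempt("publickey", "k6")


if __name__ == "__main__":
    session, outcomes = many_keys_demo()
    print([r.value for r in outcomes], dict((k.value, v) for k, v in session.failures.items()))
    print([r.value for r in password_guessing_demo()], grace_timer_demo().value)
```

The point the model makes concrete: with a single counter, the five failed key signatures plus one bad password would already be at a typical limit of six; with the split, the pubkey misses cannot be used to lock a legitimate user out of password authentication, and the password counter stays tight enough to blunt guessing.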