IETF-SSH archive


Re: "too many auth failures"?



On 10/26/2010 20:05, Peter Gutmann wrote:
> der Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:
> 
>> So, thoughts?  Am I missing something, or is this really as ill-behaved as I
>> think?
> 
> I don't think it is.  If you've set the server up to allow three tries at auth
> then you get three tries (I'm assuming it's set up to allow six here, which is
> a bit non-traditional, I would have expected three).  Stepping back a bit, why
> are you sending *six* keys to the server?  Shouldn't the client know which key
> it's supposed to use?  It seems more like the client is broken than the
> server.

I don't think the SSH server should count unsigned publickey attempts as
failures, since they aren't really an attempt.  There are many
clients that simply try all the keys they know about as unsigned
attempts in an attempt to get connected with less user configuration.

A signed publickey attempt with a bad signature probably should be
counted as a failure though.

Thanks,

Joseph
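
The counting policy proposed in this message, sketched as an added example that is not part of the original post or of any SSH server's code. It parses the RFC 4252 publickey `SSH_MSG_USERAUTH_REQUEST` layout, treats a request with the signature flag FALSE as a key query, and counts only signed requests whose signature failed to verify. `FailureCounter`, `classify`, `build`, the limit of 3 and the sample key data are assumptions made for illustration.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number from RFC 4252

def _string(buf, off):
    """Read an SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify(payload):
    """Return 'probe', 'signed' or 'other' for a USERAUTH_REQUEST payload."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    _user, off = _string(payload, 1)
    _service, off = _string(payload, off)
    method, off = _string(payload, off)
    if method != b"publickey":
        return "other"
    if off >= len(payload):
        raise ValueError("missing signature flag")
    # SSH boolean: zero is FALSE (key query), any non-zero value is TRUE (signed).
    return "signed" if payload[off] != 0 else "probe"

class FailureCounter:
    """Hypothetical per-connection counter for publickey requests only."""
    def __init__(self, max_failures=3):  # limit is an assumed setting
        self.max_failures = max_failures
        self.failures = 0

    def record(self, payload, signature_ok=False):
        """Return True while the connection may keep authenticating."""
        # Unsigned probes are never counted; other methods are out of scope here.
        if classify(payload) == "signed" and not signature_ok:
            self.failures += 1
        return self.failures < self.max_failures

def build(user, signed):
    """Build a constructed sample request; key blob and signature are dummies."""
    s = lambda b: struct.pack(">I", len(b)) + b
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + s(user) + s(b"ssh-connection")
            + s(b"publickey") + bytes([1 if signed else 0])
            + s(b"ssh-ed25519") + s(b"KEYBLOB") + (s(b"SIG") if signed else b""))
```

Under this policy a client that offers six keys as unsigned queries uses none of its failure budget, while three signed requests with bad signatures exhaust it.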


