Re: "too many auth failures"?

[nisse%lysator.liu.se@localhost (Niels Möller)]

Nicolas Williams <Nicolas.Williams%oracle.com@localhost> writes:

> On Wed, Oct 27, 2010 at 09:53:39PM +0200, nisse%lysator.liu.se@localhost wrote:
>> As far as I understand, the possibility to send a
>> SSH_MSG_USERAUTH_REQUEST without a signature in it is intended to solve
>> precisely this problem.
>
> But some servers always answer that query positively.

Which servers do that? That seems like very broken behaviour to me. It
would be somewhat understandable if there were some library function
which checks the signature and the authorization as an (to the caller)
atomic step. But I'd rather expect an ssh implementation to do something
like

  if (key_authorized(...))
    {
      if (signature_provided)
        {
          if (signature_correct(...))
            send SSH_MSG_USERAUTH_SUCCESS, and start service
          else
            send SSH_MSG_USERAUTH_FAILURE
        }
      else
	send SSH_MSG_USERAUTH_PK_OK
    }
  else
    send SSH_MSG_USERAUTH_FAILURE

where signature verification and authorization are independent functions, possibly
even in different libraries.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.