Hi,

I have two machines;

Now on my NetBSD machine, I have set MaxAuthTries to 0. This box is also visible to the outside world, so that's why I've set it at 0 (Get it incorrect the first time and your out).

Now here is where my problem begins:

However, when I change the MaxAuthTries from 0 to 1 I have no problem. From my Windows box connecting to netbsd via PuTTy I have no issue - I get a user/pass prompt.

So basically;

Slackware -> NetBSD | AUTH FAILURE
Windows -> NetBSD | USER/PASS PROMPT

I know that ssh will try to authenticate other ways (keys etc...) before presenting a password prompt, but should this be classed as a failed password attempt and therefor kicking me out of the NetBSD box?

Cheers,
-Kristijan

I don't know about counting failed attempts (but the config parameter name does suggest authentication attempts rather than password attempts), but you can set DSAAuthentication and RSAAuthentication (in the ssh config file) to no to suppress these attempts. You can use the -o option to specify these from the command line.

IIRC, PuTTy must be told explicitly to attempt DSA or RSA authentication unless Pageant is running.

I think I might just set it at 1 and leave it. I'm going to set up DSA auth anyway.

Cheers,
-Kristijan

If you can always authenticate with DSA or RSA, you are much more secure if you disable password login in sshd_config.

It's interesting that you get an Auth try with windows but not from Slackware. You might want to try putting ssh (or sshd) in debug mode to see if you can spot anything abnormal. You might also want to post this on the openssh mailing list.

OK I've figured out the problem, and it was user error :P

I rebuilt the NetBSD server about 4 - 5 weeks ago. I did forget that I already had DSA auth between Slackware -> NetBSD already set up. After the rebuild, I forgot to remove the old dsa key from my Slackware box...hence the failed auth attempt.

It's always something huh...

Cheers for the help

-Kristijan