LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-26-2006, 04:05 AM   #1
Kristijan
Member
 
Registered: Sep 2003
Location: Melbourne, Australia
Distribution: NetBSD 3.0.1, Slackware 10.1
Posts: 394

Rep: Reputation: 30
SSH - MaxAuthTries


Hi,

I have two machines;

Code:
kristijan@slackware:~$ ssh -V
OpenSSH_4.3p1, OpenSSL 0.9.7e 25 Oct 2004

kristijan@netbsd:~$ ssh -V
OpenSSH_3.9 NetBSD_Secure_Shell-20050213, OpenSSL 0.9.7d 17 Mar 2004
Now on my NetBSD machine, I have set MaxAuthTries to 0. This box is also visible to the outside world, so that's why I've set it at 0 (Get it incorrect the first time and your out).

Now here is where my problem begins:

Code:
kristijan@slackware:~$ ssh netbsd
Received disconnect from 192.168.0.10: 2: Too many authentication failures for kristijan
However, when I change the MaxAuthTries from 0 to 1 I have no problem. From my Windows box connecting to netbsd via PuTTy I have no issue - I get a user/pass prompt.

So basically;

Slackware -> NetBSD | AUTH FAILURE
Windows -> NetBSD | USER/PASS PROMPT

I know that ssh will try to authenticate other ways (keys etc...) before presenting a password prompt, but should this be classed as a failed password attempt and therefor kicking me out of the NetBSD box?

Cheers,
-Kristijan

Last edited by Kristijan; 09-26-2006 at 11:21 PM.
 
Old 09-26-2006, 06:44 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by Kristijan
I know that ssh will try to authenticate other ways (keys etc...) before presenting a password prompt, but should this be classed as a failed password attempt and therefor kicking me out of the NetBSD box?
I don't know about counting failed attempts (but the config parameter name does suggest authentication attempts rather than password attempts), but you can set DSAAuthentication and RSAAuthentication (in the ssh config file) to no to suppress these attempts. You can use the -o option to specify these from the command line.

IIRC, PuTTy must be told explicitly to attempt DSA or RSA authentication unless Pageant is running.
 
Old 09-26-2006, 11:22 PM   #3
Kristijan
Member
 
Registered: Sep 2003
Location: Melbourne, Australia
Distribution: NetBSD 3.0.1, Slackware 10.1
Posts: 394

Original Poster
Rep: Reputation: 30
I think I might just set it at 1 and leave it. I'm going to set up DSA auth anyway.

Cheers,
-Kristijan
 
Old 09-27-2006, 04:53 AM   #4
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
If you can always authenticate with DSA or RSA, you are much more secure if you disable password login in sshd_config.
 
Old 09-27-2006, 11:06 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
It's interesting that you get an Auth try with windows but not from Slackware. You might want to try putting ssh (or sshd) in debug mode to see if you can spot anything abnormal. You might also want to post this on the openssh mailing list.
 
Old 09-27-2006, 11:36 PM   #6
Kristijan
Member
 
Registered: Sep 2003
Location: Melbourne, Australia
Distribution: NetBSD 3.0.1, Slackware 10.1
Posts: 394

Original Poster
Rep: Reputation: 30
OK I've figured out the problem, and it was user error :P

I rebuilt the NetBSD server about 4 - 5 weeks ago. I did forget that I already had DSA auth between Slackware -> NetBSD already set up. After the rebuild, I forgot to remove the old dsa key from my Slackware box...hence the failed auth attempt.

It's always something huh...

Cheers for the help

-Kristijan
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh-agent, ssh-add and ssh-keygen AND CVS raylpc Linux - General 2 11-19-2008 03:50 AM
Mac OS X ssh client / linux sshd : ssh hangs/disconnects Apollo77 Linux - Networking 1 05-24-2006 12:53 PM
ssh -> perl -> spawn background proces hangs ssh session rhoekstra Programming 2 04-25-2006 02:05 AM
Passwordless SSH with SSH commercial server and open ssh cereal83 Linux - General 7 04-18-2006 01:34 PM
SSH MaxAuthTries is not known dunsun Debian 1 09-05-2005 06:09 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration