Re: sshd "none" method authentication

On Thu, Jun 26, 2008 at 01:11:46PM -0700, wc wong wrote:
Thanks Darren.

Yes, we are using PAM.

I'll try "PermitEmptyPasswords no" to see if it can resolve the
failure count issue.

One more problem, I found is that when I use authentication by
password, though the failure count incremented by one with the
none-method, the count is reset with the success of the password
authentication. This is not the case when I use publickey authentication,
the count is not reset with the success of the publickey authentication.

The problem here is that pubkey authentication doesn't occur through
PAM, and I don't know a good general solution to this. (There's
no way for an application to say to PAM "this login is good, even
though PAM didn't say so").

If the module in question also implements the session part of the
stack, you could try that (add "session required")
and it may work, but it will depend on the PAM module.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.