Re: Failed none - How to interpret

• Previous message: Ian Pilcher: "Can't extract X cookie w/ ssh forwarding"
• In reply to: Harry Putnam: "Failed none - How to interpret"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 04 May 2003 08:53:54 GMT

In article <m2wuh82dng.fsf@sbcglobal.net>,
Harry Putnam <hgp@sbcglobal.net> wrote:
>I often see the phrase `Failed none' in sshd log output. This seems
>to be really dumb message. There must be some reason for such a
>nonsensical message. What does it mean?

It's a required part of the SSH V2 protocol. Basically, the client
asks for an authentication of "none" when it wants to know what
methods the server supports.

So why log it? Well, see the part below where it says that if no
authentication is required for the user then the authentication MUST
succeed? If the request was not logged, the someone could try all
accounts with "none" authentication just on the off chance one would be
permitted, and the server's admin would never know.

                -Daz.

>From the draft RFC for the SSH2 Authentication Protocol,
draft-ietf-secsh-userauth-15.txt:

[quote]
2.3 The "none" Authentication Request

   A client may request a list of authentication methods that may
   continue by using the "none" authentication method.

   If no authentication at all is needed for the user, the server MUST
   return SSH_MSG_USERAUTH_SUCCESS. Otherwise, the server MUST return
   SSH_MSG_USERAUTH_FAILURE and MAY return with it a list of
   authentication methods that can continue.

   This method MUST NOT be listed as supported by the server.
[/quote]

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

• Previous message: Ian Pilcher: "Can't extract X cookie w/ ssh forwarding"
• In reply to: Harry Putnam: "Failed none - How to interpret"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Default SMTP Virtual Server - Best authentication methods? ... I checked your settings for the authentication method. ... This newsgroup only focuses on SBS technical issues. ... Generally speaking, if you deploy IMF v2 on a gateway Exchange server, ... authentication methods and Anonymous access has the highest priority. ... (microsoft.public.windows.server.sbs) Re: Default SMTP Virtual Server - Best authentication methods? ... I checked your settings for the authentication method. ... This newsgroup only focuses on SBS technical issues. ... Generally speaking, if you deploy IMF v2 on a gateway Exchange server, ... authentication methods and Anonymous access has the highest priority. ... (microsoft.public.windows.server.sbs) RE: [SLE] windows 2000 network authentication ... The dynamic IP should not affect the authentication. ... If the rule applies specifically to users, then the ISA Server ... different authentication methods for incoming Web requests and for outgoing ... (SuSE) Re: Multiple Authentication Methods... what order? ... View or Change Authentication Methods in IIS ... > Digest authentiation was new in IIS 5.0 if I'm not mistaken. ... (microsoft.public.inetserver.iis.security) Re: Multiple domians & POP3 ... let me change the authentication method. ... > other authentication methods, Active Directory and Encrypted File. ... Changing from Windows Authentication to Encrypted File, ... (microsoft.public.inetserver.iis.smtp_nntp)