Re: Too many authentication failures

On Fri, 18 Jan 2008 23:24:44 GMT Darren Dunham <ddunham@xxxxxxxx> wrote:

| phil-news-nospam@xxxxxxxx wrote:
|> For most of my ssh clients I need to use as many as 9 different
|> identities.
|
| OpenSSH?
|
|> The question is: How can I run the ssh client such that it will discard the
|> big list of identities, either in favor of another list I could make small,
|> or just not use identity files at all, so that it won't run out of attempts
|> before it gets to the password attempt? I was hoping for something like
|> -o 'passwordonly yes' or maybe -o 'noidentities yes' or similar. I could
|> not find anything that resembled that logic.
|
| PreferredAuthentications
| Specifies the order in which the client should try protocol 2
| authentication methods. This allows a client to prefer one
| method (e.g. keyboard-interactive) over another method (e.g.
| password) The default for this option is: ``gssapi-with-mic,
| hostbased, publickey, keyboard-interactive, password''.
|
| So I would assume setting PreferredAuthentications to
| 'keyboard-interactive,password' for that host will not attempt to send
| keybased identities.

Don't assume that. I never saw that feature. I can see it now since I
know what name to look for from your post. It certainly wasn't the logic
I was looking for. I was always grepping for "identity" or "identities"
since that was clearly the thing getting in the way :-( But this makes
sense. I'll try it when I get back to work on Monday. Thanks.

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-01-18-2127@xxxxxxxx |
|------------------------------------/-------------------------------------|
.

Relevant Pages

  • Re: Too many authentication failures
    ... |>| 'keyboard-interactive,password' for that host will not attempt to send ... What I wanted was fewer identities for certain hosts so that a password ... this particular string ie encountered in the list of identities, ...
    (comp.security.ssh)
  • Re: Too many authentication failures
    ... big list of identities, either in favor of another list I could make small, ... or just not use identity files at all, so that it won't run out of attempts ... Specifies the order in which the client should try protocol 2 ... So I would assume setting PreferredAuthentications to ...
    (comp.security.ssh)