Re: Too many authentication failures

On Sun, 27 Jan 2008 09:31:08 +1100 Darren Tucker <dtucker@xxxxxxxxxxxxxxxx> wrote:
| On 2008-01-25, phil-news-nospam@xxxxxxxx <phil-news-nospam@xxxxxxxx> wrote:
|> On Fri, 25 Jan 2008 10:28:08 +1100 Darren Tucker <dtucker@xxxxxxxxxxxxxxxx> wrote:
|>| On 2008-01-19, phil-news-nospam@xxxxxxxx <phil-news-nospam@xxxxxxxx> wrote:
|>|> On Fri, 18 Jan 2008 23:24:44 GMT Darren Dunham <ddunham@xxxxxxxx> wrote:
|>| [...]
|>|>| So I would assume setting PreferredAuthentications to
|>|>| 'keyboard-interactive,password' for that host will not attempt to send
|>|>| keybased identities.
|>|>
|>|> Don't assume that. I never saw that feature. I can see it now since I
|>|> know what name to look for from your post. It certainly wasn't the logic
|>|> I was looking for. I was always grepping for "identity" or "identities"
|>|> since that was clearly the thing getting in the way :-( But this makes
|>|> sense. I'll try it when I get back to work on Monday. Thanks.
|>|
|>| Try IdentityFile and IdentitiesOnly together in ssh_config.
|>
|> That wouldn't achieve my goal, since it would turn password off entirely.
|> What I wanted was fewer identities for certain hosts so that a password
|> could be tried before the remote decided too many tries had been made.
|
| Did you try it? Unless I'm misunderstanding what you're trying to do,
| it does exactly what you're asking for. It doesn't turn of password
| authentication.

If it doesn't cause ssh to use only identities, then it isn't doing what
it's name clearly implies. And from what I read in (man ssh_config) it
would use only identities as configured. Based on that, there would be
no reason to try it, any more than any other randomly chosen option.

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-01-26-1831@xxxxxxxx |
|------------------------------------/-------------------------------------|
.

Relevant Pages

  • Re: Too many authentication failures
    ... with the identities. ... What my thinking was is that when I specify them, ... list under a section for just a host, ... narrow focus. ...
    (comp.security.ssh)
  • Re: Too many authentication failures
    ... |>| 'keyboard-interactive,password' for that host will not attempt to send ... What I wanted was fewer identities for certain hosts so that a password ... this particular string ie encountered in the list of identities, ...
    (comp.security.ssh)
  • Re: Too many authentication failures
    ... |>| 'keyboard-interactive,password' for that host will not attempt to send ... since it would turn password off entirely. ... What I wanted was fewer identities for certain hosts so that a password ... Good judgement comes with experience. ...
    (comp.security.ssh)
  • Re: Too many authentication failures
    ... PH> for that host will not attempt to send |>|>| keybased identities. ... PH> of password | authentication. ... This means that, *during publickey authentication*, it will only use ...
    (comp.security.ssh)
  • Re: Too many authentication failures
    ... | keybased identities. ... I never saw that feature. ... Good judgement comes with experience. ...
    (comp.security.ssh)