Hi, Thank you for your feedback,
+-From: Lance Titchkosky <[email protected]> -- |_Date: Tue, 6 Dec 2011 19:40:22 -0700 _______ | |I'm just wondering if bug 1849771 can be looked at |"Incorrect password results in infinite loop - ID: 1849771" |We are running into this as well and it is a really simple fix on line 160: ... Such a change will break the behavior. User should be allowed to try the another password. |I am guessing this must only happen on certain SFTP servers which |return SSH_MSG_USERAUTH_FAILURE) and then no bytes after that |(so the partial_success variable is still zero) or |else this would have been raised earlier but this is really something |that should be fixed in my opinion. Which SFTP server are you connecting to? I'm interesting in it. Frankly to say, it is an implementation bug of that SFTP server. Usual SFTP server will drop the connection with so many USERAUTH_FAILURE. Without such a care, DOS attacks can been easily done for it. |What is the process to get this added into a future release? It seems OpenSSH's sshd will drop the connection with 6 auth failures by the default. So, if it is allowed to do "return false" after 6 trial fails, we will accept the change. Sincerely, -- Atsuhiko Yamanaka JCraft,Inc. 1-14-20 HONCHO AOBA-KU, SENDAI, MIYAGI 980-0014 Japan. Tel +81-22-723-2150 Skype callto://jcraft/ Twitter: http://twitter.com/ymnk Facebook: http://facebook.com/aymnk ------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ JSch-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jsch-users
