https://bugzilla.mindrot.org/show_bug.cgi?id=3736
--- Comment #5 from [email protected] ---

[root@test-vm ~]# sshd -T | grep passwordauth
passwordauthentication no

As I said I got it to work with PAM_ABORT instead and I don't want to be bothersome.

I redid a test with a dump of the sshd config at the beginning:

[root@pam-test-td ~]# sshd -T | grep passwordauth
passwordauthentication no
[root@pam-test-td ~]# cat /etc/pam.d/sshd | grep -v '#'
auth required pam_module.so

#Replace the pam module with the pam_maxtries.so one
[root@pam-test-td ~]# cp /tmp/pam_maxtries.so /usr/lib64/security/pam_module.so
cp: overwrite '/usr/lib64/security/pam_module.so'? y

#in a second terminal try to ssh
ssh tdelmas@test-vm
tdelmas@test-vm's password: <enter anything>
Received disconnect from 10.40.0.33 port 22:2: Too many authentication failures
Disconnected from 10.40.0.33 port 22

#back to the vm replace the shared module by the one returning pam abort
[root@pam-test-td ~]# cp /tmp/pam_abort.so /usr/lib64/security/pam_module.so
cp: overwrite '/usr/lib64/security/pam_module.so'? y

#back to the second terminal
ssh tdelmas@test-vm
tdelmas@test-vm: Permission denied (keyboard-interactive).

Here I don't get prompted for a password.

The two modules pam_abort and pam_maxtries were compiled with the same min.c file (from my original message) with only the return value being changed.

I am happy to do further testing if you think there might be something behind this but otherwise, I get the behavior I wanted with PAM_ABORT and I think I can live with it so I can change the case status.
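
Added example, not the reporter's min.c (which is not reproduced in this comment) and not OpenSSH code: a minimal auth-only PAM module whose return value is picked at build time, so that two modules differing only in the return value, as in the test above, come from one source file. The file name pam_result.c, the PAM_TEST_RESULT macro and the fallback declarations are assumptions of this example.

```c
/*
 * pam_result.c (hypothetical name): auth module returning one fixed code.
 *
 *   cc -fPIC -shared -DPAM_TEST_RESULT=PAM_MAXTRIES -o pam_maxtries.so pam_result.c
 *   cc -fPIC -shared -DPAM_TEST_RESULT=PAM_ABORT    -o pam_abort.so    pam_result.c
 */
#include <stddef.h>

#if defined(__has_include)
# if __has_include(<security/pam_modules.h>)
#  define HAVE_PAM_HEADERS 1
# endif
#endif

#ifdef HAVE_PAM_HEADERS
# include <security/pam_modules.h>
#else
/* Assumption: no PAM development headers installed. These declarations
 * mirror Linux-PAM's values so the file can still be compiled and read. */
typedef struct pam_handle pam_handle_t;
# define PAM_SUCCESS  0
# define PAM_MAXTRIES 11
# define PAM_ABORT    26
#endif

/* Build-time switch (hypothetical macro); the default matches the variant
 * the comment above reports as giving the wanted behaviour. */
#ifndef PAM_TEST_RESULT
# define PAM_TEST_RESULT PAM_ABORT
#endif

/* Called for "auth" lines in /etc/pam.d/sshd. It never starts a PAM
 * conversation and always fails with the selected code. */
int pam_sm_authenticate(pam_handle_t *pamh, int flags,
                        int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return PAM_TEST_RESULT;
}

/* The auth management group also covers credential setting; this module
 * has no credentials to set, so it reports success. */
int pam_sm_setcred(pam_handle_t *pamh, int flags,
                   int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return PAM_SUCCESS;
}
```

Each resulting .so is then copied over /usr/lib64/security/pam_module.so as in the session above, on a disposable test VM.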
