Hi Darren,
I'm using OpenSSH version 4.6p1. I also use the -lbsm flag when running configure
to enable Solaris 10's BSM.
I notice that the none method failure is counted in /etc/shadow as a failed
login, but the success of the publickey method is not decrementing the
failed login count in /etc/shadow. Hence the user account is eventually
locked after a few ssh logins using publickey authentication, as
described below.
I configured a user on a server with OpenSSH publickey authentication.
I found that every time I ssh to the user using publickey, there is the
following log message at the beginning of the ssh session:
sshd[743]: Failed none for xxxx from a.b.c.d port xxxx ssh2
I understand that is required as the first step in SSHv2 authentication.
However, as I'm using Solaris 10 with LOCK_AFTER_RETRIES=yes, I found that in the
/etc/shadow file the failed count for the user is incremented by one every time
I ssh with publickey. I suspect the failure of this first "none"
authentication method is somehow returned and considered by Solaris as a login
failure. This causes the user to eventually be locked after a few ssh logins by
publickey.
I wonder if there is any way to skip returning this "none" failure to the
Solaris OS, which results in the failed login count being incremented.
Thanks in advance,
John Wong
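
An added example, not part of the original message or of OpenSSH: a log check that pairs each "Failed none" line with a later "Accepted publickey" line from the same connection, to count how many logged failures are only the initial none probe of a login that then succeeded. The log lines are constructed, and matching on sshd pid, user, address and port is an assumption about how one session is logged.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (not taken from the original message).
SAMPLE_LOG = """\
sshd[743]: Failed none for alice from 192.0.2.10 port 40112 ssh2
sshd[743]: Accepted publickey for alice from 192.0.2.10 port 40112 ssh2
sshd[801]: Failed none for bob from 192.0.2.20 port 51200 ssh2
sshd[801]: Failed password for bob from 192.0.2.20 port 51200 ssh2
sshd[860]: Failed none for alice from 192.0.2.10 port 40190 ssh2
sshd[860]: Accepted publickey for alice from 192.0.2.10 port 40190 ssh2
"""

# Matches "Failed <method> for <user> from ..." and "Accepted <method> for ...".
# Lines for unknown accounts ("for invalid user x") do not match and are skipped.
LINE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Failed|Accepted) (?P<method>\S+) "
    r"for (?P<user>\S+) from (?P<addr>\S+) port (?P<port>\d+)"
)


def spurious_none_failures(log_text):
    """Per user, count 'Failed none' lines followed by a successful
    publickey login on the same connection (assumed key: pid/user/addr/port)."""
    pending = set()       # connections that have logged a "Failed none"
    spurious = Counter()  # user -> failures that preceded a success
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key = (m["pid"], m["user"], m["addr"], m["port"])
        if m["result"] == "Failed" and m["method"] == "none":
            pending.add(key)
        elif (m["result"] == "Accepted" and m["method"] == "publickey"
              and key in pending):
            spurious[m["user"]] += 1
            pending.discard(key)
    return dict(spurious)


if __name__ == "__main__":
    for user, count in spurious_none_failures(SAMPLE_LOG).items():
        print(f"{user}: {count} 'none' failure(s) before a successful publickey login")
```

Comparing these per-user counts with the failed login count in /etc/shadow shows whether lockouts are being driven by the none probe rather than by real authentication failures.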