HPE Community
Operating System - HP-UX
1826215 Members
2820 Online
109691 Solutions
New Discussion

Newer T1471AA Secure Shell unexpectedly incrementing TCB failed login count

 
Michael_Pelleti
Occasional Advisor

‎09-26-2011 08:32 AM

‎09-26-2011 08:32 AM

Newer T1471AA Secure Shell unexpectedly incrementing TCB failed login count

Under T1471AA Secure Shell version 5.3.7 on a Trusted Mode system, when I lack an "authorized keys" file and I am sent to the Password: prompt, the failed login count is not incremented until I enter the wrong password.

 

However in 5.6, my failed login count is bumped up by one when I fail the public key based authentication (moving my authorized_keys file out of the way), leaving me at one failed login before I even have a chance to enter my password. I haven't had a chance to try 5.8 yet, but I expect it wouldn't be any different.  We have "UsePAM" enabled due to other requirements.

 

There's a section in the "known bugs" of the release notes discussing login failure audit events under SMSE (Standard Mode Security Extensions), but it doesn't mention a workaround. Our security requirements are tightening steadily, and we're having to implement locking an account after only three failed logins. This issue cuts that even further to only two, in effect, for anyone who doesn't use public-key authentication.

 

Does anyone have any suggestions? It's not clear whether we'd be permitted to revert to an earlier SSH to resolve this, so it'd be best to find a fix in the sshd_config or pam.conf if at all possible.

 

Thanks!

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.