summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>1999-11-03 23:31:04 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>1999-11-03 23:31:04 +0000
commite0044234828e4e7919ddd5018070c4b8dd6b9ebc (patch)
tree706001dbe64917fc2a028335498d9c70c3641272 /usr.bin/ssh
parent7bdd0aedf4fb033a022dd959e3f2399aabb2a89f (diff)
don't send fail-msg but disconnect if too many authentication failures
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/sshd.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index f5ccd5991b5..01673fcf358 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -18,7 +18,7 @@ agent connections.
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.44 1999/11/02 19:42:37 markus Exp $");
+RCSID("$Id: sshd.c,v 1.45 1999/11/03 23:31:03 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -1048,15 +1048,15 @@ do_authentication(char *user, int privileged_port)
packet_send_debug(skeyinfo);
}
#endif
+ if (++authentication_failures >= MAX_AUTH_FAILURES) {
+ packet_disconnect("Too many authentication failures for %.100s from %.200s",
+ user, get_canonical_hostname());
+ }
/* Send failure. This should be indistinguishable from a failed
authentication. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
- if (++authentication_failures >= MAX_AUTH_FAILURES) {
- packet_disconnect("Too many authentication failures for %.100s from %.200s",
- user, get_canonical_hostname());
- }
}
/*NOTREACHED*/
abort();
@@ -1351,15 +1351,15 @@ do_authentication(char *user, int privileged_port)
if (authenticated)
break;
+ if (++authentication_failures >= MAX_AUTH_FAILURES) {
+ packet_disconnect("Too many authentication failures for %.100s from %.200s",
+ pw->pw_name, get_canonical_hostname());
+ }
/* Send a message indicating that the authentication attempt failed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
- if (++authentication_failures >= MAX_AUTH_FAILURES) {
- packet_disconnect("Too many authentication failures for %.100s from %.200s",
- pw->pw_name, get_canonical_hostname());
- }
}
/* Check if the user is logging in as root and root logins are disallowed. */