Thanks for the very quick response. The server we are connecting to is
Jscape MFT server. I agree it seems like it is not great from the server
perspective to always accept an attempt over and over, but it is probably
something JSch should handle as well. From the other comment in the bug, it
sounds like it has also occurred with Globalscape SFTP server.

Attached is a patch so that JSch gives up after 6 attempts as you
requested; I tried to match the coding style for variable names that was
already in there.

On 11-12-06 8:34 PM, "Atsuhiko Yamanaka" <ymnk@...> wrote:
>Thank you for your feedback,
> +-From: Lance Titchkosky <lance@...> --
> |_Date: Tue, 6 Dec 2011 19:40:22 -0700 _______
> |I'm just wondering if bug 1849771 can be looked at
> |"Incorrect password results in infinite loop - ID: 1849771"
> |We are running into this as well and it is a really simple fix on
>Such a change will break the behavior.
>User should be allowed to try another password.
> |I am guessing this must only happen on certain SFTP servers which
> |return SSH_MSG_USERAUTH_FAILURE) and then no bytes after that
> |(so the partial_success variable is still zero) or
> |else this would have been raised earlier but this is really something
> |that should be fixed in my opinion.
>Which SFTP server are you connecting to? I'm interested in it.
>Frankly speaking, it is an implementation bug of that SFTP server.
>A usual SFTP server will drop the connection with so many USERAUTH_FAILURE.
>Without such care, DoS attacks can easily be done against it.
> |What is the process to get this added into a future release?
>It seems OpenSSH's sshd will drop the connection with 6 auth failures
>by default. So, if it is allowed to do "return false"
>after 6 trial fails, we will accept the change.
>1-14-20 HONCHO AOBA-KU,
>SENDAI, MIYAGI 980-0014 Japan.
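
The behaviour agreed on in this thread, as an added Java example that is neither JSch code nor the attached patch: a client-side password loop that stops after 6 failures even when the server keeps answering SSH_MSG_USERAUTH_FAILURE with no bytes after the type byte. All class, method and variable names are hypothetical, and the server and password prompt are constructed stubs.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.function.Function;
import java.util.stream.Stream;

// Added illustration, not JSch source; every class and method name is hypothetical.
public class BoundedPasswordAuth {
    static final int SSH_MSG_USERAUTH_FAILURE = 51; // RFC 4252
    static final int SSH_MSG_USERAUTH_SUCCESS = 52; // RFC 4252
    static final int MAX_AUTH_TRIES = 6;            // limit named in the thread

    // Reads partial_success from a USERAUTH_FAILURE message. A reply with
    // nothing after the type byte (the case in the thread) yields false.
    static boolean partialSuccess(byte[] msg) {
        if (msg.length < 5) return false;            // no name-list length
        ByteBuffer b = ByteBuffer.wrap(msg, 1, msg.length - 1);
        int len = b.getInt();
        if (len < 0 || len >= b.remaining()) return false; // no room for the boolean
        b.position(b.position() + len);
        return b.get() != 0;
    }

    // Returns true on success; false after MAX_AUTH_TRIES rejected passwords
    // or when no further password is supplied.
    static boolean authenticate(Function<byte[], byte[]> server, Iterator<String> passwords) {
        int failures = 0;
        while (failures < MAX_AUTH_TRIES && passwords.hasNext()) {
            byte[] reply = server.apply(passwords.next().getBytes(StandardCharsets.UTF_8));
            int type = reply.length > 0 ? reply[0] : -1;
            if (type == SSH_MSG_USERAUTH_SUCCESS) return true;
            if (type == SSH_MSG_USERAUTH_FAILURE && partialSuccess(reply)) {
                return false; // password accepted, other methods required: out of scope here
            }
            failures++;       // rejected password, truncated or unexpected reply
        }
        return false;         // give up instead of prompting forever
    }

    public static void main(String[] args) {
        int[] requests = {0};
        // Constructed server stub: always answers with the bare failure type byte.
        Function<byte[], byte[]> server = pw -> { requests[0]++; return new byte[] {51}; };
        // Constructed prompt that keeps supplying the same wrong password.
        Iterator<String> prompt = Stream.generate(() -> "wrong-password").iterator();
        boolean ok = authenticate(server, prompt);
        System.out.println("authenticated=" + ok + " requests=" + requests[0]);
    }
}
```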