Hi! This is the ezmlm program. I'm managing the
[email]email@example.com[/email] mailing list.
I'm working for my owner, who can be reached
Messages to you from the secureshell mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.
If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the secureshell mailing list,
without further notice.
I've kept a list of which messages from the secureshell mailing list have
bounced from your address.
Copies of these messages may be in the archive.
To retrieve a set of messages 123-145 (a maximum of 100 per request),
send an empty message to:
To receive a subject and author list for the last 100 or so messages,
send an empty message to:
Here are the message numbers:
--- Enclosed is a copy of the bounce message I received.
Received: (qmail 26165 invoked from network); 29 Jun 2008 00:28:29 -0000
Received: from mail.securityfocus.com (220.127.116.11)
by lists.securityfocus.com with SMTP; 29 Jun 2008 00:28:29 -0000
Received: (qmail 29312 invoked by alias); 28 Jun 2008 22:31:48 -0000
Received: (qmail 29280 invoked from network); 28 Jun 2008 22:31:47 -0000
Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (18.104.22.168)
by mail.securityfocus.com with SMTP; 28 Jun 2008 22:31:47 -0000
Received: by outgoing3.securityfocus.com (Postfix)
id 0923C236FF3; Sat, 28 Jun 2008 16:10:25 -0600 (MDT)
Date: Sat, 28 Jun 2008 16:10:25 -0600 (MDT)
From: [email]MAILER-DAEMON@securityfocus.com[/email] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status;
This is a MIME-encapsulated message.
This is the Postfix program at host outgoing3.securityfocus.com.
I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
mx1.csie.nctu.edu.tw[22.214.171.124] refused to talk to me: 421 4.4.1
cacy-fpe-srv-2.symantec.com Unable to contact destination
Content-Description: Delivery report
Reporting-MTA: dns; outgoing3.securityfocus.com
X-Postfix-Sender: rfc822; [email]firstname.lastname@example.org[/email]
Arrival-Date: Thu, 26 Jun 2008 13:56:45 -0600 (MDT)
Final-Recipient: rfc822; [email]email@example.com[/email]
Diagnostic-Code: X-Postfix; host mx1.csie.nctu.edu.tw[126.96.36.199] refused
to talk to me: 421 4.4.1 cacy-fpe-srv-2.symantec.com Unable to contact
Content-Description: Undelivered Message
Received: from lists.securityfocus.com (lists.securityfocus.com [188.8.131.52])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 21BBC236FC5; Thu, 26 Jun 2008 13:56:45 -0600 (MDT)
Mailing-List: contact [email]firstname.lastname@example.org[/email]; run by ezmlm
Delivered-To: mailing list [email]email@example.com[/email]
Delivered-To: moderator for [email]firstname.lastname@example.org[/email]
Received: (qmail 23275 invoked from network); 26 Jun 2008 16:13:00 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
Date: Thu, 26 Jun 2008 07:38:26 -0700 (PDT)
From: wc wong <email@example.com>
Subject: sshd "none" method authentication
Content-Type: text/plain; charset=us-ascii
Resent-Date: Thu, 26 Jun 2008 13:56:45 -0600 (MDT)
I'm using OpenSSH version 4.6p1. I also use -lbsm flag when running configure to enable Solaris 10's BSM.
I notice that the none method failure is counted in /etc/shadow as a failed login, but the successful of the publickey method is not decrementing the failed login count in /etc/shadow. Hence resulting in the user account eventually being locked with a few ssh using publickey authentication as described below.
I configured a user in a server with Openssh publickey authentication.
I found that everytime when ssh to the user using publickey, there's at the beginning of the ssh session, the following log message:
sshd: Failed none for xxxx from a.b.c.d port xxxx ssh2
I understand that is required as the first step in SSHV2 authentication.
However, as I'm using Solaris 10 with LOCK_AFTER_RETRIES=yes. I found in the /etc/shadow file, the failed count for the user is incremented by one everytime when ssh with publickey. I suspect the failure of this first "none" authentication method is somehow returned and consider by Solaris as a login failure. This causes the user eventually being locked after a few ssh by publickey.
I wonder if there is any way to skip returning this "none" failure to the Solaris OS resulting in the fail login count being incremented.
Thanks in advance,