Hi! This is the ezmlm program. I'm managing the
secureshell@securityfocus.com mailing list.

I'm working for my owner, who can be reached
at secureshell-owner@securityfocus.com.


Messages to you from the secureshell mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.

If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the secureshell mailing list,
without further notice.


I've kept a list of which messages from the secureshell mailing list have
bounced from your address.

Copies of these messages may be in the archive.

To retrieve a set of messages 123-145 (a maximum of 100 per request),
send an empty message to:


To receive a subject and author list for the last 100 or so messages,
send an empty message to:


Here are the message numbers:

9952
9955
9953
9957
9956
9970

--- Enclosed is a copy of the bounce message I received.

Return-Path: <>
Received: (qmail 26165 invoked from network); 29 Jun 2008 00:28:29 -0000
Received: from mail.securityfocus.com (205.206.231.9)
by lists.securityfocus.com with SMTP; 29 Jun 2008 00:28:29 -0000
Received: (qmail 29312 invoked by alias); 28 Jun 2008 22:31:48 -0000
Received: (qmail 29280 invoked from network); 28 Jun 2008 22:31:47 -0000
Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27)
by mail.securityfocus.com with SMTP; 28 Jun 2008 22:31:47 -0000
Received: by outgoing3.securityfocus.com (Postfix)
id 0923C236FF3; Sat, 28 Jun 2008 16:10:25 -0600 (MDT)
Date: Sat, 28 Jun 2008 16:10:25 -0600 (MDT)
From: MAILER-DAEMON@securityfocus.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: secureshell-return-9952-openssh-users=freebsd.csie.nctu.edu.tw@securityfocus.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="21BBC236FC5.1214691005/outgoing3.securityfocus.com"
Message-Id: <20080628221025.0923C236FF3@outgoing3.securityfocus .com>

This is a MIME-encapsulated message.

--21BBC236FC5.1214691005/outgoing3.securityfocus.com
Content-Description: Notification
Content-Type: text/plain

This is the Postfix program at host outgoing3.securityfocus.com.

I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program

: host
mx1.csie.nctu.edu.tw[140.113.17.201] refused to talk to me: 421 4.4.1
cacy-fpe-srv-2.symantec.com Unable to contact destination

--21BBC236FC5.1214691005/outgoing3.securityfocus.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; outgoing3.securityfocus.com
X-Postfix-Queue-ID: 21BBC236FC5
X-Postfix-Sender: rfc822; secureshell-return-9952@securityfocus.com
Arrival-Date: Thu, 26 Jun 2008 13:56:45 -0600 (MDT)

Final-Recipient: rfc822; openssh-users@freebsd.csie.nctu.edu.tw
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Postfix; host mx1.csie.nctu.edu.tw[140.113.17.201] refused
to talk to me: 421 4.4.1 cacy-fpe-srv-2.symantec.com Unable to contact
destination

--21BBC236FC5.1214691005/outgoing3.securityfocus.com
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 21BBC236FC5; Thu, 26 Jun 2008 13:56:45 -0600 (MDT)
Mailing-List: contact secureshell-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
Resent-Sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com
Errors-To: listbounce@securityfocus.com
Delivered-To: mailing list secureshell@securityfocus.com
Delivered-To: moderator for secureshell@securityfocus.com
Received: (qmail 23275 invoked from network); 26 Jun 2008 16:13:00 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Received:X-Mailerate:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Message-ID;
b=2Eu7iTFlisSP1biElqNlWjDNP8O1+KkyiGVXYbhO3/LBLNqQZh5WLdjdf6MXHfTwewpYWAAdttFpfVhv3SxeKuHjvv31 52T9pIkG+3gFVE9Dfpr/TMLc0WxUtLlPTbldBhjC4aYjlKj0DE0osGaWs0xeFOMJ0bRIps brLGqQ9vc=;
X-Mailer: YahooMailWebService/0.7.199
Date: Thu, 26 Jun 2008 07:38:26 -0700 (PDT)
From: wc wong
Reply-To: jwc_wong@yahoo.com
Subject: sshd "none" method authentication
To: dtucker@zip.com.au
Cc: secureshell@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <78496.48117.qm@web50111.mail.re2.yahoo.com>
Resent-Message-Id: <20080626195645.21BBC236FC5@outgoing3.securityfocus .com>
Resent-Date: Thu, 26 Jun 2008 13:56:45 -0600 (MDT)
Resent-From: secureshell-return-9952@securityfocus.com

Hi Darren,

I'm using OpenSSH version 4.6p1. I also use -lbsm flag when running configure to enable Solaris 10's BSM.

I notice that the none method failure is counted in /etc/shadow as a failed login, but the successful of the publickey method is not decrementing the failed login count in /etc/shadow. Hence resulting in the user account eventually being locked with a few ssh using publickey authentication as described below.

I configured a user in a server with Openssh publickey authentication.

I found that everytime when ssh to the user using publickey, there's at the beginning of the ssh session, the following log message:

sshd[743]: Failed none for xxxx from a.b.c.d port xxxx ssh2

I understand that is required as the first step in SSHV2 authentication.

However, as I'm using Solaris 10 with LOCK_AFTER_RETRIES=yes. I found in the /etc/shadow file, the failed count for the user is incremented by one everytime when ssh with publickey. I suspect the failure of this first "none" authentication method is somehow returned and consider by Solaris as a login failure. This causes the user eventually being locked after a few ssh by publickey.

I wonder if there is any way to skip returning this "none" failure to the Solaris OS resulting in the fail login count being incremented.

Thanks in advance,
John Wong




--21BBC236FC5.1214691005/outgoing3.securityfocus.com--