https://bugzilla.mindrot.org/show_bug.cgi?id=2415
--- Comment #2 from Jakub Jelen <[email protected]> --- Yes, I got the point about verbose. I believe that these messages are not much useful, especially the first few of them and if it fails in this early phase of checking public key. But when I was debugging this issue, the failures were counted in child as I stated above. It is pretty confusing that there is the same variable authctxt->failures used in different contexts. Especially when you watch this variable in auth_log function, it is once 0 and once non-zero (as progressing with different keys), depending on who calls it. The line in auth_log() > authctxt->failures >= options.max_authtries / 2 || led me to the question if it is really expected to have this value always-zero in context of public key authentication. Yes, it doesn't make sense to log every attempt. But repetitive attempts can be potentially threat. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
