Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 18
1 files changed, 17 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index dc8048939..873e1459d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,22 @@
33 Merge duplicate host key file checks, based in part on a patch from Rob 33 Merge duplicate host key file checks, based in part on a patch from Rob
34 Holland via bz #1348 . Also checks for non-regular files during protocol 34 Holland via bz #1348 . Also checks for non-regular files during protocol
35 1 RSA auth. ok djm@ 35 1 RSA auth. ok djm@
36 - djm@cvs.openbsd.org 2008/07/02 12:36:39
37 [auth2-none.c auth2.c]
38 Make protocol 2 MaxAuthTries behaviour a little more sensible:
39 Check whether client has exceeded MaxAuthTries before running
40 an authentication method and skip it if they have, previously it
41 would always allow one try (for "none" auth).
42 Preincrement failure count before post-auth test - previously this
43 checked and postincremented, also to allow one "none" try.
44 Together, these two changes always count the "none" auth method
45 which could be skipped by a malicious client (e.g. an SSH worm)
46 to get an extra attempt at a real auth method. They also make
47 MaxAuthTries=0 a useful way to block users entirely (esp. in a
48 sshd_config Match block).
49 Also, move sending of any preauth banner from "none" auth method
50 to the first call to input_userauth_request(), so worms that skip
51 the "none" method get to see it too.
36 52
3720080630 5320080630
38 - (djm) OpenBSD CVS Sync 54 - (djm) OpenBSD CVS Sync
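Review bot: The sentence at new lines 44-46 is ambiguous: in 'always count the "none" auth method which could be skipped by a malicious client', the clause "which could be skipped" can be read as applying to the counting rather than to the method. Suggest wording along the lines of 'always count a try for "none", so a client that skips "none" no longer gets an extra attempt at a real auth method'. Separately, the entry describes two user-visible behaviour changes (MaxAuthTries=0 now blocks users entirely, and the preauth banner is sent on the first call to input_userauth_request()), but the file list names only auth2-none.c and auth2.c; a matching note in the MaxAuthTries documentation for sshd_config would help administrators who rely on the old "one free try" behaviour or who plan to use MaxAuthTries=0 in a Match block.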
@@ -4516,4 +4532,4 @@
4516 OpenServer 6 and add osr5bigcrypt support so when someone migrates 4532 OpenServer 6 and add osr5bigcrypt support so when someone migrates
4517 passwords between UnixWare and OpenServer they will still work. OK dtucker@ 4533 passwords between UnixWare and OpenServer they will still work. OK dtucker@
4518 4534
4519$Id: ChangeLog,v 1.5047 2008/07/02 12:37:30 dtucker Exp $ 4535$Id: ChangeLog,v 1.5048 2008/07/02 12:56:09 dtucker Exp $