SSH package concerns...
While setting up PAM in conjunction with SSH I included the following
line to deny access unless found in the following file:
auth required pam_listfile.so sense=allow onerr=fail item=user
Which works, sort of.
...Lets say for examples sake the user "bob" is trying to get in, but is
not listed in this file. Ie: not authorized. If I try to connect via
the windows program PuTTY, the first attempt fails, naturally, but if I
re-type the password when prompted it will let me in!!! Not good. I
tested this several different ways and found that if I try and go from
linux box to linux box after about 4 attempts it will let me in.
SSH package version: OpenSSH_3.8.1p1 Debian-8.sarge.4
in conjunction with: OpenSSL 0.9.7e 25 Oct 2004
Now I was doing some research into this, figuring I configured something
wrong or what not early on when I first noticed this authentication
problem existed and noticed that there have been some huge changes from
the 3.8.1p1 release back in October 2004 (Ironically if I read that
right 4.0 was just released today). Changelog:
But, why on earth is this package so out of date?? Insight into this
would be greatly appreciated.
Code is poetry.