1 failure since last successful login

[afassl]

Hi,

not sure, if this is category "Bug or Feature".

After logging via SSH I'm getting this:

Code: Select all

# ssh 192.168.140.75 -l system

 Welcome to OpenVMS (TM) x86_64 Operating System, Version E9.2-1  
system@192.168.140.75's password: 

    Last interactive login on Wednesday,  3-MAY-2023 17:11:58.23
    Last non-interactive login on Tuesday,  2-MAY-2023 17:04:01.25
    1 failure since last successful login

Cause - during login sequence is SSH key, after that passphrase.

Code: Select all

%%%%%%%%%%%  OPCOM   4-MAY-2023 06:15:32.52  %%%%%%%%%%%
Message from user AUDIT$SERVER on X861
Security alarm (SECURITY) and security audit (SECURITY) on X861, system id: 1066
Auditable event:          Network login failure
Event time:                4-MAY-2023 06:15:32.52
PID:                      0000046A        
Process name:             SSHD22_BG27133  
Username:                 SSH$SSH         
Remote node fullname:     SSH_PUBLICKEY:192.168.0.10
Remote username:          SYSTEM
Status:                   %LOGIN-F-NOTVALID, user authorization failure

From my point of view this shouldn't be counted as failure.

Not sure, if this can be somehow configured?

Best regards
Andreas

[sms]

Code: Select all

> not sure, if this is category "Bug or Feature".

   I called it a bug when I reported it for OPENSSH V8.9-1A on VMS E9.2: 
SPS-636, 2022-05-31.  So, VSI should be aware of it.

> Not sure, if this can be somehow configured?

   I know of no way (other than disabling the publickey authentication
method, or actually using publickey authentication).

[finitud]

It's worse than that, since when using public key authentication with several keys, the server reports accepting ed25519 keys but then fails to accept it when presented. The client then falls back to RSA, which is accepted. But every login counts as 1 failed login attempt, so when you're logging in and out you're going to be periodically marked as an intruder and locked out of your system for periods of time.

If you happen to have more than one key in your client, you could have several "failed login attempts" logged every time you log in.

[imiller]

report it as an issue via the Service Platform as that may move it up the list of things VSI have to do.

[gdwnldsksc]

I wouldn't do that, all hobbyist SP issues have been closed saying to report them in the forums instead and they'll get noticed/elevated as needed.

See for example (if logged in as hobbyist/community user) - https://sp.vmssoftware.com/#/org/issues/sps-996

"thanks for the report. I know that DECwindows was tested in earlier versions of 9.*. Normally, Community members ares supposed to use the Forum for group resolutions of problems, but this being something that doesn’t work, perhaps I can follow up."

[mister.moderator]

This issue was already reported once in the Service Portal and is being worked on. For future reference, we have an internal procedure in place for reports on the forum and we will escalate issues according to our procedure when appropriate.

[volkerhalle]

This issue was already reported once in the Service Portal and is being worked on. For future reference, we have an internal procedure in place for reports on the forum and we will escalate issues according to our procedure when appropriate.

mister.moderator,

would it be possible to add an appropriate note in a topic, once it has been reported internally ? So that we wouldn't need to spend additional effort in reproducing, isolating and describing the problem ?

Thanks,

Volker.

[mister.moderator]

That is a good idea and we will be bringing a similar functionality to the forum very soon so that VSI Moderators and Admins can add tags to the topics so people can see if issues have already been elevated or not.

[martinv]

AFAICT, this does not occur any more after installation of OpenSSH V8.9-1H.