VSI OpenVMS Forum

The official board to discuss OpenVMS-related topics
https://forum.vmssoftware.com/

1 failure since last successful login

https://forum.vmssoftware.com/viewtopic.php?f=30&t=8670

Page 1 of 1

1 failure since last successful login

Posted: Thu May 04, 2023 2:26 am
by afassl
Hi,

not sure, if this is category "Bug or Feature".

After logging via SSH I'm getting this:

Code: Select all

# ssh 192.168.140.75 -l system

 Welcome to OpenVMS (TM) x86_64 Operating System, Version E9.2-1  
system@192.168.140.75's password: 

    Last interactive login on Wednesday,  3-MAY-2023 17:11:58.23
    Last non-interactive login on Tuesday,  2-MAY-2023 17:04:01.25
    1 failure since last successful login
Cause - during login sequence is SSH key, after that passphrase.

Code: Select all

%%%%%%%%%%%  OPCOM   4-MAY-2023 06:15:32.52  %%%%%%%%%%%
Message from user AUDIT$SERVER on X861
Security alarm (SECURITY) and security audit (SECURITY) on X861, system id: 1066
Auditable event:          Network login failure
Event time:                4-MAY-2023 06:15:32.52
PID:                      0000046A        
Process name:             SSHD22_BG27133  
Username:                 SSH$SSH         
Remote node fullname:     SSH_PUBLICKEY:192.168.0.10
Remote username:          SYSTEM
Status:                   %LOGIN-F-NOTVALID, user authorization failure
From my point of view this shouldn't be counted as failure.

Not sure, if this can be somehow configured?

Best regards
Andreas

Re: 1 failure since last successful login

Posted: Thu May 04, 2023 8:09 am
by sms

Code: Select all

> not sure, if this is category "Bug or Feature".

   I called it a bug when I reported it for OPENSSH V8.9-1A on VMS E9.2: 
SPS-636, 2022-05-31.  So, VSI should be aware of it.

> Not sure, if this can be somehow configured?

   I know of no way (other than disabling the publickey authentication
method, or actually using publickey authentication).

Re: 1 failure since last successful login

Posted: Thu May 04, 2023 2:32 pm
by finitud
It's worse than that, since when using public key authentication with several keys, the server reports accepting ed25519 keys but then fails to accept it when presented. The client then falls back to RSA, which is accepted. But every login counts as 1 failed login attempt, so when you're logging in and out you're going to be periodically marked as an intruder and locked out of your system for periods of time.

If you happen to have more than one key in your client, you could have several "failed login attempts" logged every time you log in.

Re: 1 failure since last successful login

Posted: Fri May 05, 2023 6:34 am
by imiller
report it as an issue via the Service Platform as that may move it up the list of things VSI have to do.

Re: 1 failure since last successful login

Posted: Fri May 05, 2023 11:34 pm
by gdwnldsksc
I wouldn't do that, all hobbyist SP issues have been closed saying to report them in the forums instead and they'll get noticed/elevated as needed.

See for example (if logged in as hobbyist/community user) - https://sp.vmssoftware.com/#/org/issues/sps-996

"thanks for the report. I know that DECwindows was tested in earlier versions of 9.*. Normally, Community members ares supposed to use the Forum for group resolutions of problems, but this being something that doesn’t work, perhaps I can follow up."

Re: 1 failure since last successful login

Posted: Mon May 08, 2023 7:07 am
by mister.moderator
This issue was already reported once in the Service Portal and is being worked on. For future reference, we have an internal procedure in place for reports on the forum and we will escalate issues according to our procedure when appropriate.

Re: 1 failure since last successful login

Posted: Mon May 08, 2023 10:05 am
by volkerhalle
mister.moderator wrote:
Mon May 08, 2023 7:07 am
 This issue was already reported once in the Service Portal and is being worked on. For future reference, we have an internal procedure in place for reports on the forum and we will escalate issues according to our procedure when appropriate.
mister.moderator,

would it be possible to add an appropriate note in a topic, once it has been reported internally ? So that we wouldn't need to spend additional effort in reproducing, isolating and describing the problem ?

Thanks,

Volker.

Re: 1 failure since last successful login

Posted: Fri May 12, 2023 4:19 am
by mister.moderator
That is a good idea and we will be bringing a similar functionality to the forum very soon so that VSI Moderators and Admins can add tags to the topics so people can see if issues have already been elevated or not.

Re: 1 failure since last successful login

Posted: Fri Jan 05, 2024 7:48 am
by martinv
AFAICT, this does not occur any more after installation of OpenSSH V8.9-1H.
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/