Multiple prompts un-enrolled users


#1

Hello.

Im currently testing the UNIX protection, so far it’s working good
But i have one problem, when an un-enrolled user tries to login they get the: “Please enroll at message” multiple times
Is there anyway to only show this message once?

login as: test
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com
Access denied
Using keyboard-interactive authentication.
Please enroll at https://redacted.com

Here is my pam_duo.conf

[duo]
; Duo integration key
ikey = redacted
; Duo secret key
skey = redacted
; Duo API host
host = redacted
; Send command for Duo Push authentication
;pushinfo = yes
prompts = 1

I’m using Ubuntu 16.04


#2

Hi OBenned,

Try adding MaxAuthTries 3 to your sshd_config.

From man sshd_config:

MaxAuthTries
        Specifies the maximum number of authentication attempts permitted per connection.  Once
        the number of failures reaches half this value, additional failures are logged.  The
        default is 6.

#3

Hi Kristina. that worked like a charm, thanks :slight_smile: