php ssh2 auth failure duplicates pam faillock count
by anctop from LinuxQuestions.org on (#5RDAZ)
Hi,

Our system is using Linux-PAM-1.4.0 with the "faillock" module, and PHP-7.3.4 with libssh2-1.8.2.

The sshd auth section follows the standard form:

Code:
auth [success=1 default=bad] pam_unix.so
auth [default=die] pam_faillock.so authfail dir=/var/run/faillock
auth sufficient pam_faillock.so authsucc dir=/var/run/faillock
auth required pam_deny.so

It is noted that one "ssh2_auth_password" failure will generate two faillock counts.

For example, executing the script:

Code:
$F=ssh2_connect('localhost','22');
ssh2_auth_password($F,'test_user','incorrect_pin');
ssh2_disconnect($F);

The PAM faillock module records two attempts:

Code:
# faillock --dir /var/run/faillock --user test_user
test_user:
When                Type  Source     Valid
2021-11-02 11:02:03 RHOST 127.0.0.1  V
2021-11-02 11:02:05 RHOST 127.0.0.1  V

Can this issue be fixed?
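A diagnostic sketch, added here and not part of the original post: it parses `faillock` output in the format shown above and compares the number of recorded failures with the number of bursts (failures from the same source a few seconds apart), to quantify how far the tally runs ahead of distinct login attempts. The function names, the 5-second window and the third sample row are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Sample input in the format shown in the post. The first two rows are the
# ones from the post; the third row is constructed for this example.
SAMPLE = """\
test_user:
When                Type  Source     Valid
2021-11-02 11:02:03 RHOST 127.0.0.1  V
2021-11-02 11:02:05 RHOST 127.0.0.1  V
2021-11-02 11:09:40 RHOST 127.0.0.1  V
"""

def parse_faillock(text):
    """Return {user: [(timestamp, type, source, valid_flag), ...]}."""
    records, user = {}, None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 1 and fields[0].endswith(":"):
            user = fields[0][:-1]          # "test_user:" starts a new section
            records[user] = []
        elif len(fields) == 5 and user is not None:
            try:
                when = datetime.strptime(" ".join(fields[:2]), "%Y-%m-%d %H:%M:%S")
            except ValueError:
                continue                   # not a record row
            records[user].append((when, fields[2], fields[3], fields[4]))
    return records

def summarize(records, window=timedelta(seconds=5)):
    """Per user: (recorded valid failures, bursts of same-source failures).

    Assumption: failures from one source no more than `window` apart belong
    to the same login attempt. Rows whose flag is not "V" are ignored.
    """
    out = {}
    for user, rows in records.items():
        valid = sorted(r for r in rows if r[3] == "V")
        bursts, last = 0, {}
        for when, _type, source, _flag in valid:
            if source not in last or when - last[source] > window:
                bursts += 1                # gap too large: a new attempt
            last[source] = when
        out[user] = (len(valid), bursts)
    return out

if __name__ == "__main__":
    for user, (failures, bursts) in summarize(parse_faillock(SAMPLE)).items():
        print(f"{user}: {failures} recorded failures in {bursts} burst(s)")
```
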