Why does the OnAuthenticationFailed event fire when authentication succeeds?

The SSH protocol supports many authentication methods and you can enable all or some of them. Usually just one authentication method is used during the handshake. This means that if you, for example, enable password, key-based, and keyboard-interactive authentication (this combination is enabled by default) and use only key-based authentication, the other two mechanisms are not used. But, they are enabled and so the client attempts to use them. During these attempts the OnAuthenticationFailed event is fired.

The solution is to explicitly enable only one mechanism that you plan to use and disable other mechanisms, or you can just ignore the event because it is fired mostly for informational purposes. Note that the username/password combination can be used not only in password authentication but also in keyboard-interactive authentication (which in general is more complex than just a password). So if you disable all mechanisms but password, and your server uses keyboard-interactive authentication instead, authentication will fail -- the best approach is often to ignore the OnAuthenticationFailed event unless you have a specific reason to use it.

Ready to get started?

Learn more about SecureBlackbox or download a free trial.

Download Now