Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

What does 'Authenticated with partial success' mean?

4,238 views
Skip to first unread message

Alan Hadsell

unread,
Nov 2, 2001, 1:14:29 PM11/2/01
to
Using client OpenSSH_2.9p1, I'm ssh-ing (is that a verb?) into a Linux
box running ssh.com sshd2 (not sure of the version -- how do I find
out?).

Sometimes (50-60%) it works just fine. I can log in using either
password or pubkey authentication, But sometimes, for hours at a time,
there is a long pause after I try to log in (35 seconds). Then I get
the following exchange:

,----
| $ ssh al@<hostname>
| [35-second pause]
| al@<hostname>'s password: [here I enter the correct password]
| Authenticated with partial success.
| Permission denied, please try again.
| al@<hostname>'s password: [here I enter the correct password]
| Authenticated with partial success.
| Permission denied, please try again.
| al@<hostname>'s password: [here I enter the correct password]
| Authenticated with partial success.
| Permission denied ().
| $
`----

After some hours in this condition, the problem clears up and I can
log in just fine.

I *believe*, but cannot prove, that the problem is external to the
machine in question. But I don't know what the message 'authenticated
with partial success' means, so I'm not sure how to proceed, or what
to look at next. If anyone can give me a clue on this I'd appreciate
it.

--
Alan Hadsell
"Whatever does not kill me makes me stranger".

reader of news

unread,
Nov 12, 2001, 10:58:25 AM11/12/01
to
On Fri, 02 Nov 2001 18:14:29 GMT,
Alan Hadsell <ahad...@MtDiablo.com> wrote:
>
>,----
>| $ ssh al@<hostname>
>| [35-second pause]
>| al@<hostname>'s password: [here I enter the correct password]
>| Authenticated with partial success.
>| Permission denied, please try again.
>| al@<hostname>'s password: [here I enter the correct password]
>| Authenticated with partial success.
>| Permission denied, please try again.
>| al@<hostname>'s password: [here I enter the correct password]
>| Authenticated with partial success.
>| Permission denied ().

I get this kind of error whenever
the server cannot do the reverse lookup
of my incoming ip. In fact in my
case I cannot login at all unless
the server is configured to "not do
the reverse lookup"

Because in your case you succeed after
a certain number of tries it could be
some problems with dns server.

It could also be an entirely different
problem. But the message
I get is identical to yours

good luck

reader of news

unread,
Nov 12, 2001, 10:59:48 AM11/12/01
to
On Fri, 02 Nov 2001 18:14:29 GMT,
Alan Hadsell <ahad...@MtDiablo.com> wrote:
ning ssh.com sshd2 (not sure of the version -- how do I find
>out?).
>

The easiest way I can think of is to do

$ telnet server.address 22


Alan Hadsell

unread,
Nov 12, 2001, 12:34:44 PM11/12/01
to
newsr...@mediaone.net (reader of news) writes:

> I get this kind of error whenever
> the server cannot do the reverse lookup
> of my incoming ip. In fact in my
> case I cannot login at all unless
> the server is configured to "not do
> the reverse lookup"

No, the reverse lookup seems to work OK. I found the section of the
code in the SSH client that generates the message, but I must say that
it doesn't make much sense to me. I think that's because I don't have
the 'big picture'. But it looks like 'authenticated with partial
success' is an error condition returned by the server to the client.

> Because in your case you succeed after
> a certain number of tries it could be
> some problems with dns server.

We changed out the server, which was running ssh.com's sshd, for one
running OpenSSH, and the problem has gone away. But we changed a
bunch of other things at the same time, so I can't really say that I
have any diagnostic information. There was at least some suggestion
that the problem occurred when the server's Internet connection got
really busy.

> It could also be an entirely different
> problem. But the message
> I get is identical to yours
>
> good luck

Well, we fixed it without solving it, so it will probably come back to
bite me at the least-convenient time.

Richard E. Silverman

unread,
Nov 13, 2001, 1:06:57 AM11/13/01
to

"authenticated with partial success" means that the server is configured
to require multiple forms of authentication, and at least of them has
succeeded -- now it wants you to complete the rest.

--
Richard Silverman
sl...@shore.net

Alan Hadsell

unread,
Nov 13, 2001, 11:32:27 AM11/13/01
to
sl...@shore.net (Richard E. Silverman) writes:

> "authenticated with partial success" means that the server is configured
> to require multiple forms of authentication, and at least of them has
> succeeded -- now it wants you to complete the rest.

Thanks, Richard. Unfortunately I can't see how that could be the
cause of my problem. The situation was that the same server, with no
configuration changes, would sometimes return "Authenticated with
partial success" and sometimes succeed.

The server was ssh.com's 2.0.13 on linux, and the clients were OpenSSH
2.9p2 (linux) and 2.9.9p2 (Win2K). The only clue we had was that the
problem seemed to occur under heavy network load.

Hmm. In this context, is DNS lookup considered a "form of
authentication"? Maybe the server's reverse DNS lookup was timing out
due to the network load?

The point's moot, anyway. We changed out the server (hardware and
software) and the problem's gone.

0 new messages