On Sun, May 18, 2025, 22:58 William Herrin via NANOG > (SNIP) > You connect to me with SSH and enter "root" with the right password, > you have authenticated yourself as root. I'm not gonna let you in > because I've decided that root is not authorized to connect via ssh, > but that has nothing to do with the authentication step. If you've > figured out the password, you are verified to be root. See how that > works? >
...What version of SSH service are you running? If this is true, it's not OpenSSH. It does username checks/logic before authentication. https://man.openbsd.org/sshd_config#PermitRootLogin https://man.openbsd.org/sshd_config#AuthenticationMethods It has no way of determining what auth challenges to send to/apply to the client if it didn't. _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/DRF3CG6RYSORUS3T4NAK77KKF2DK6WD7/
