Subject: Handling disconnection from too many authentication failures

Handling disconnection from too many authentication failures

From: Mike Abdullah <>
Date: Sun, 18 Dec 2011 12:36:44 +0000

Hello, I'm trying to figure out how to best to handle an authentication problem in our code which is using libssh2. Our code does this:

1. Start up libssh2 session
2. Look to see if username/password has been saved. If not, jump straight to step 4.
3. Try to authenticate. If successful, then start up an SFTP session. Otherwise:
4. Bring up a dialog asking for username and password. When provided, jump back to step 3.

This is working great except for when the user has several failed attempts at authentication in a row. After too many, trying to authenticate returns LIBSSH2_ERROR_SOCKET_SEND or LIBSSH2_ERROR_TIMEOUT, with an error message of "Would block waiting". I take this to be the result of the server having disconnected us for too many failed attempts. Unfortunately that isn't a helpful message to display to the user!

So, I reason I need to install a callback for disconnects. Having done so, the callback is indeed being called as I'd expect, however, when it's called:

void disconnect_callback(LIBSSH2_SESSION *session, int reason, const char *message, int message_len, const char *language, int language_len, void **abstract)

message, message_len, language, and language_len are all NULL/0! I expected to receive a message along the lines of "Too many authentication failures". (the disconnect code is SSH_DISCONNECT_PROTOCOL_ERROR, which makes sense to me).

If I try the command line ssh program, I get this:

Received disconnect from 2: Too many authentication failures for username

Am I doing something wrong which means the message comes through empty? Or is it that in this case I am expected to infer the real error reason and supply a message myself?

Received on 2011-12-18