On Jun 23,  7:40pm, wrstuden@netbsd.org (Bill Studenmund) wrote:
-- Subject: Re: pam_ssh for users w/o private keys

| > Did you type your password when it asked for the passphrase? Do you
| > have try first pass set?
| 
| I had to disable try_first_pass in a lot of lines. Seems our=20
| try_first_pass isn't implemented right, and it acts like use_first_pass.=20
| It's supposed to re-ask on failure, but doesn't.
| 

Yes, I have been wondering what the correct semantics for it should be.
If you look in the ssh pam module, it checks and retries. The others don't.

christos