From bfb9f5516d0d98dd00bd276bcae307b9ed30fc1f Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Thu, 18 Dec 2014 23:58:04 +0000
Subject: [PATCH] don't count partial authentication success as a failure
 against MaxAuthTries; ok deraadt@

---
 usr.bin/ssh/auth2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index cf6443dd7a9..43eada23f22 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.132 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2.c,v 1.133 2014/12/18 23:58:04 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -309,7 +309,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
 		authctxt->success = 1;
 	} else {
 		/* Allow initial try of "none" auth without failure penalty */
-		if (!authctxt->server_caused_failure &&
+		if (!partial && !authctxt->server_caused_failure &&
 		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 			authctxt->failures++;
 		if (authctxt->failures >= options.max_authtries)
-- 
2.20.1