SCP / SSHEXEC - number of connection attempts

Question

I am using scp task followed by sshexec in my ant build.xml. I derive the value for password from a Password field on the screen. The user doesnt have the ability to check if its the right password or not until the task completes successfully.

As a result, if the entered password is incorrect, does Scp / sshexec retry to connect? Is there any handle to limit the number of connection retries?

Answer 1

The sshexec and scp tasks use Java Secure Channel JSch, see ant manual library dependencies.
I had a similiar problem, as JSch tries to authenticate 6 times configured in the com.jcraft.jsch.JSch Class. When wrong password was used, the user account got locked.
Simply patched the com.jcraft.jsch.JSch Class like this :

from :

config.put("MaxAuthTries", "6");

to :

config.put("MaxAuthTries", "3");

Means JSch will only try 3 times to authenticate.

-- Edit after comment --

1. Download JSch release zip here - the latest version is 0.1.51

2. Unzip

3. Open jsch-0.1.51/src/main/java/com/jcraft/jsch/JSch.java

4. Change line 124
   from
   config.put("MaxAuthTries", "6");
   to
   config.put("MaxAuthTries", "3");

5. Save

6. Run jsch-0.1.51/build.bat or build.sh according to your OS

7. Use jsch-0.1.51/dist/lib/jsch-0.1.5.jar

Answer 2

Here a solution which does not require you to manually patch and rebuild the JSch library.

In order to limit the retry count to 1, just add the following script snippet either at the beginning of your Ant script, or before invoking scp and sshexec tasks, e.g.:

<script language="javascript"> <![CDATA[
     com.jcraft.jsch.JSch.setConfig("MaxAuthTries", "1");
]]> </script>

<sshexec host="..." username="..." password="..." command="..."/>

You'll need JSch 0.1.46 or higher! I tested with Ant 1.9.4 and JSch 0.1.51 / 0.1.52.