SecureBlackbox 16: Why does the OnAuthenticationFailed event fire when authentication succeeds?

Note: This article applies only to SecureBlackbox Legacy. For future development please consider using the latest version.

The SSH protocol supports many authentication methods, and you can enable all or some of them. Usually just one authentication method is used during the handshake. For example, if you enable password, key-based, and keyboard-interactive authentication (this combination is enabled by default) but use only key-based authentication, the other two mechanisms do not end up authenticating the session. However, because they are enabled, the client still attempts to use them, and the OnAuthenticationFailed event is fired during these attempts.

The solution is to explicitly enable only the one mechanism that you plan to use and disable the others. Alternatively, you can just ignore the event, because it is fired mostly for informational purposes. Note that the username/password combination can be used not only in password authentication but also in keyboard-interactive authentication (which in general is more complex than just a password). So if you disable all mechanisms but password, and your server uses keyboard-interactive authentication instead, authentication will fail. For this reason, the best approach is often to ignore the OnAuthenticationFailed event unless you have a specific reason to use it.
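The behaviour described above can be reproduced with a small model of the SSH authentication loop. This is an added example, not SecureBlackbox code: the function names, the order in which methods are attempted, and the server policies are assumptions constructed for illustration.

```python
# Simplified model of SSH user authentication (RFC 4252), not SecureBlackbox code.
# Method order, function names and server policies are assumptions / constructed data.

PASSWORD, KBDINT, PUBLICKEY = "password", "keyboard-interactive", "publickey"

def usable_methods(has_password, has_key):
    """Methods the client can actually complete with the secrets it holds."""
    usable = set()
    if has_password:
        # A username/password pair can answer keyboard-interactive prompts too.
        usable |= {PASSWORD, KBDINT}
    if has_key:
        usable.add(PUBLICKEY)
    return usable

def authenticate(enabled, server_accepts, usable, on_method_failed):
    """Attempt each enabled method in order; return the one that succeeds or None."""
    for method in enabled:
        if method in server_accepts and method in usable:
            return method
        # A real server replies SSH_MSG_USERAUTH_FAILURE here; the client
        # reports the failed attempt and moves on to its next enabled method.
        on_method_failed(method)
    return None

def run(enabled, server_accepts, has_password=False, has_key=False):
    """Return (successful method or None, list of per-method failure events)."""
    failures = []
    usable = usable_methods(has_password, has_key)
    return authenticate(enabled, server_accepts, usable, failures.append), failures

if __name__ == "__main__":
    all_three = [PASSWORD, KBDINT, PUBLICKEY]  # assumed attempt order
    # Key-based login with every method enabled: two failure events, then success.
    print(run(all_three, {PUBLICKEY}, has_key=True))
    # Only the method in use enabled: no failure events.
    print(run([PUBLICKEY], {PUBLICKEY}, has_key=True))
    # Password-only client against a keyboard-interactive-only server: login fails.
    print(run([PASSWORD], {KBDINT}, has_password=True))
    # Leaving keyboard-interactive enabled lets the same credentials succeed.
    print(run([PASSWORD, KBDINT], {KBDINT}, has_password=True))
```

For logging or alerting, the value that matters is the first element of the result: per-method failure events that precede a successful method do not indicate a failed login.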
