===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth2.c,v
retrieving revision 1.118
retrieving revision 1.119
diff -u -r1.118 -r1.119
--- src/usr.bin/ssh/auth2.c	2008/07/02 13:30:34	1.118
+++ src/usr.bin/ssh/auth2.c	2008/07/04 23:30:16	1.119
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.118 2008/07/02 13:30:34 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.119 2008/07/04 23:30:16 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -288,7 +288,10 @@
 		/* now we can break out */
 		authctxt->success = 1;
 	} else {
-		if (++authctxt->failures >= options.max_authtries)
+		/* Allow initial try of "none" auth without failure penalty */
+		if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
+			authctxt->failures++;
+		if (authctxt->failures >= options.max_authtries)
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 		methods = authmethods_get();
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);