In openssh, the ssh config entry NumberOfPasswordPrompts controls the number of times the ssh client keeps asking for a password if the one entered was invalid in two cases:
- keyboard-interactive authentication, and
- asking for passwords for encrypted private keys in identity files in pubkey authentication (see openssh sources; sshconnect2.c).
sshd-core only has support for (1) through setting the property ClientAuthenticationManager.PASSWORD_PROMPTS in the session's properties.
There doesn't seem to be any support for FilePasswordProvider to make it respect this value.
AbstractPEMResourceKeyPairParser.extractkeyPairs() and also BouncyCastleKeyPairResourceParser.loadKeyPair() call FilePasswordProvider.getPassword() exactly once.
So how can I write a ssh client using sshd that asks the user NumberOfPasswordPrompts times? Either I'm missing something, or there is some support for this missing in sshd.