Hello,
I have discovered, that if I configure radius for login authorization and I login via SSH, Mikrotik firstly makes two radius access-requests without password (even before SSH password prompt).
Why this behaviour?
Try to run ssh client with verbose logging enabled. Quite likely you’ll see two attempts to login using private key (most ssh installations nowdays create RSA and ED25519 keys and by default ssh client tries private key authentication before prompting for password). Or try running ssh client with option
ssh -o PubkeyAuthentication=no
which should skip private key authentication altogether.
So nothing wrong with ssh server on ROS nir with radius client, it’s the way most ssh clients work.
Of course, it was the first thing I tried. No difference. I still see two access-reject answers before password prompt.