“Too many authentication failures” error and its solution

Error when connecting via SSHToo many authentication failures“.

The reason is quite simple: when connecting, the SSH client first tries to use the keys that are loaded ssh-agentand only then uses the key passed to the client by the option -i.

The error itself looks like this:

ssh [email protected] -i /home/setevoy/Dropbox/AWS/setevoy-do-nextcloud-production-d10-03-11

Received disconnect from 139.59.205.180 port 22:2: Too many authentication failures

Disconnected from 139.59.205.180 port 22

To make sure the keys are used first ssh-agent – connect in debug mode, add -v:

ssh -v [email protected] -i /home/setevoy/AWS/setevoy-do-nextcloud-production-d10-03-11

debug1: Offering public key: /home/setevoy/Work/aws-credentials/jenkins-production-eu-west-1.pem RSA SHA256:19/1clohkik2LHC8pyIT0JxAz8/kbjEPhBT6UyxPBaw agent

debug1: Authentications that can continue: publickey

debug1: Offering public key: [email protected] RSA SHA256:r90LWLY/HpQ/fRinmopKyXOGxrcy2ZPJp2ua7mvZFg4 agent

debug1: Authentications that can continue: publickey

debug1: Offering public key: Github setevoy2 SSH RSA SHA256:JxeiYfC236wtrdFuADpldciGT86RglAk0vRH7UDpaX8 agent

debug1: Authentications that can continue: publickey

debug1: Offering public key: /home/setevoy/Work/aws-credentials/mobilebackend-bastion-stage-us-east-2.pem RSA SHA256:SAdCEuO3MRMe+Jfo3310OBPDFbYhodlsBxiomF2THHw agent

debug1: Authentications that can continue: publickey

debug1: Offering public key: /home/setevoy/Work/aws-credentials/mobilebackend-stage-us-east-2.pem RSA SHA256:/MV7A6GRRYRMWyKWINy5xfFp94+2F90Pai3hLC3uFVQ agent

debug1: Authentications that can continue: publickey

debug1: Offering public key: /home/setevoy/Work/aws-credentials/bm-world-production.pem RSA SHA256:akVDdE5TwELN/RZ0ALgFphyAvRA4qiZUxItHoFTl0FY agent

Received disconnect from 139.59.205.180 port 22:2: Too many authentication failures

Disconnected from 139.59.205.180 port 22

And check the keys that are currently loaded by the agent:

ssh-add -l

2048 SHA256:19/1clohkik2LHC8pyIT0JxAz8/kbjEPhBT6UyxPBaw /home/setevoy/Work/aws-credentials/jenkins-production-eu-west-1.pem (RSA)

3072 SHA256:JxeiYfC236wtrdFuADpldciGT86RglAk0vRH7UDpaX8 Github setevoy2 SSH (RSA)

2048 SHA256:SAdCEuO3MRMe+Jfo3310OBPDFbYhodlsBxiomF2THHw /home/setevoy/Work/aws-credentials/mobilebackend-bastion-stage-us-east-2.pem (RSA)

2048 SHA256:/MV7A6GRRYRMWyKWINy5xfFp94+2F90Pai3hLC3uFVQ /home/setevoy/Work/aws-credentials/mobilebackend-stage-us-east-2.pem (RSA)

2048 SHA256:akVDdE5TwELN/RZ0ALgFphyAvRA4qiZUxItHoFTl0FY /home/setevoy/Work/aws-credentials/bm-world-production.pem (RSA)

3072 SHA256:gxWQRigVqmX5uV9FRa4j8NnfOEKCQ8YtaEtX79PoRTM /home/setevoy/AWS/setevoy-do-nextcloud-production-d10-03-11 (RSA)

Until the last key setevoy-do-nextcloud-production-d10-03-11the request does not even have time to reach – the ssh server is already starting to drop connections.

In order for the ssh client not to go through all the keys loaded by the agent, use the option IdentitiesOnly with meaning yes:

ssh -o IdentitiesOnly=yes [email protected] -i /home/setevoy/Dropbox/AWS/setevoy-do-nextcloud-production-d10-03-11

Linux rtfm-do-production-d10 4.19.0-12-cloud-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64

Last login: Sat Mar 12 14:17:55 2022 from 176.***.***.170

To make it permanent, add to ~/.ssh/config:

Host * 
       	IdentitiesOnly=yes

Done.

SSH/SSL/TLS,UNIX/Linux,Проблемы и решения,ssh,

#authentication #failures #error #solution

Leave a Comment

Your email address will not be published. Required fields are marked *