Too many authentication failures for *username*

I have a HostGator account with SSH access enabled. When trying to upload the generated .pub key file with this command:

rsync -av -e "ssh -p2222" /home/user/.ssh/key.pub [email protected]:.ssh/authorized_keys

I keep getting:

Received disconnect from 111.222.33.44: 2: Too many authentication failures for username
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.7]

I've been toying around previously with ssh until I got the auth failure. But now it seems that the auth failure counter does not reset (been waiting more than 12 hours now, tech support "supposes" it resets after 30 min to 1 hour, and another guy told me "it resets every time you try to login with the username", jeesh).

This is driving me nuts. I even had this set up in a Slicehost custom server and had fewer issues than with these guys.

Any tips? Perhaps it's something client side and not server side.


Solution 1:

This is usually caused by inadvertently offering multiple ssh keys to the server. The server will reject any key after too many keys have been offered.

You can see this for yourself by adding the -v flag to your ssh command to get verbose output. You will see that a bunch of keys are offered, until the server rejects the connection saying: "Too many authentication failures for [user]". Without verbose mode, you will only see the ambiguous message "Connection reset by peer".

To prevent irrelevant keys from being offered, you have to explicitly specify this in every host entry in the ~/.ssh/config file (on the client machine) by adding IdentitiesOnly like so:

Host www.somehost.com
  IdentityFile ~/.ssh/key_for_somehost_rsa
  IdentitiesOnly yes
  Port 22

If you use the ssh-agent, it helps to run ssh-add -D to clear the identities.

If you are not using any ssh hosts configuration, you have to explicitly specify the correct key in the ssh command like so:

ssh -i some_id_rsa -o 'IdentitiesOnly yes' them@there

Note: the 'IdentitiesOnly yes' parameter needed to be between quotes.

or

ssh -i some_id_rsa -o IdentitiesOnly=yes them@there

Solution 2:

I found an easier way to do this (if using password authentication):

ssh -o PubkeyAuthentication=no [email protected]

This forces non-key authentication. I was able to logon immediately.

Solution 3:

I was getting this error too and found that it was happening because the server was configured to accept up to 6 tries:

/etc/ssh/sshd_config
...
...
#MaxAuthTries 6

In addition to setting the IdentitiesOnly yes in your ~/.ssh/config file you have a couple of other options.

  1. Increase the MaxAuthTries (on the ssh server)
  2. Delete some of the key pairs you have present in your ~/.ssh/ directory & run ssh-add -D
  3. Explicitly link a key to a given host in your ~/.ssh/config file

Like so:

host foo
  hostname foo.example.com
  IdentityFile /home/YOU/.ssh/foo

  1. Is probably not a good way to go about it, given it weakens your ssh server a bit since it'll now accept more keys in a given connection attempt. Think brute force attack vectors here.

  2. Is a good way to go assuming you have keys that are not needed and can be permanently deleted.

  3. And the approach of setting IdentitiesOnly are probably the preferred ways of dealing with this issue!

Solution 4:

I added to ~/.ssh/config this:

Host *
IdentitiesOnly yes

It enables the option IdentitiesOnly=yes by default. If you need to connect with a private key, you should specify it with the -i option.
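
Added example (not part of any answer above): a small Python audit of a client config that lists host aliases which pin an IdentityFile but do not end up with IdentitiesOnly yes, so agent and default keys can still be offered ahead of the pinned one and count against MaxAuthTries. The function names are hypothetical and the sample config is constructed from the host names in the answers. The parser is a simplification: it applies "first value wins" and Host patterns, but ignores Include and skips the contents of Match blocks.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample ~/.ssh/config (host names reused from the answers above).
SAMPLE_CONFIG = """\
Host www.somehost.com
  IdentityFile ~/.ssh/key_for_somehost_rsa
  IdentitiesOnly yes
  Port 22

Host foo
  HostName foo.example.com
  IdentityFile /home/YOU/.ssh/foo

Host bar
  IdentityFile=~/.ssh/bar_key
"""

def parse_blocks(text):
    """Return [(patterns, {keyword: first value})]; block 0 holds global lines."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"(\w+)\s*[=\s]\s*(.*)", raw.strip())
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            # Match blocks get an empty pattern list, so they never apply here.
            blocks.append((value.split() if key == "host" else [], {}))
        else:
            blocks[-1][1].setdefault(key, value)  # first value wins, as in ssh
    return blocks

def applies(patterns, alias):
    """Host pattern match with * and ? wildcards and ! negation."""
    if any(p.startswith("!") and fnmatchcase(alias, p[1:]) for p in patterns):
        return False
    return any(fnmatchcase(alias, p) for p in patterns if not p.startswith("!"))

def effective(blocks, alias, keyword):
    """First value of keyword from any block matching alias, in file order."""
    for patterns, opts in blocks:
        if applies(patterns, alias) and keyword in opts:
            return opts[keyword]
    return None

def hosts_offering_extra_keys(text):
    """Aliases with a pinned IdentityFile whose effective IdentitiesOnly is not yes."""
    blocks = parse_blocks(text)
    aliases = [p for pats, _ in blocks[1:] for p in pats if not set(p) & set("*?!")]
    return [a for a in aliases if effective(blocks, a, "identityfile")
            and (effective(blocks, a, "identitiesonly") or "no").lower() != "yes"]
```

Run it against the text of your own ~/.ssh/config; an empty list means every host with a pinned key also restricts offers to that key.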