Too many authentication failures for *username*

This is usually caused by inadvertently offering multiple ssh keys to the server. The server will reject any key after too many keys have been offered.

You can see this for yourself by adding the -v flag to your ssh command to get verbose output. You will see that a bunch of keys are offered, until the server rejects the connection saying: "Too many authentication failures for [user]". Without verbose mode, you will only see the ambiguous message "Connection reset by peer".

To prevent irrelevant keys from being offered, you have to explicitly specify this in every host entry in the ~/.ssh/config (on the client machine) file by adding IdentitiesOnly like so:

Host www.somehost.com
  IdentityFile ~/.ssh/key_for_somehost_rsa
  IdentitiesOnly yes
  Port 22

If you use the ssh-agent, it helps to run ssh-add -D to clear the identities.

If you are not using any ssh hosts configuration, you have to explicitly specify the correct key in the ssh command like so: 

ssh -i some_id_rsa -o 'IdentitiesOnly yes' them@there:/path/

Note: the 'IdentitiesOnly yes' parameter needed to be between quotes.

or 

ssh -i some_id_rsa -o IdentitiesOnly=yes them@there:/path/

I found an easier way to do this (if using password authentication): 

ssh -o PubkeyAuthentication=no [email protected]

This forces non-key authentication. I was able to logon immediately.

Reference


I was getting this error too and found that it was happening b/c the server was configured to accept up to 6 tries:

/etc/ssh/sshd_config
...
...
#MaxAuthTries 6

In addition to setting the IdentitiesOnly yes in your ~/.ssh/config file you have a couple of other options.

  1. Increase the MaxAuthTries (on the ssh server)
  2. delete some of the key pairs you have present in your ~/.ssh/ directory & run ssh-add -D
  3. explicitly link a key to a given host in your ~/.ssh/config file

Like so:

host foo
hostname foo.example.com
IdentityFile /home/YOU/.ssh/foo

  1. Is probably not a good way to go about it, given it weakens your ssh server a bit since it'll now accept more keys in a given connection attempt. Think brute force attack vectors here.

  2. Is a good way to go assuming you have keys that are not needed and can be permanently deleted.

  3. And the approach of setting IdentitiesOnly are probably the preferred ways of dealing with this issue!

Tags:

Authentication

Ssh

Recent Posts