3 Ways to fix SSH Too many authentication failures

This article covers three ways to fix the SSH "Too many authentication failures" error for a username.

Too many authentication failures Error

Error example 1:
Received disconnect from 192.168.3.123 port 22:2: Too many authentication failures
Disconnected from 192.168.3.123 port 22

Error example 2:
Too many authentication failures

Sep 19 16:21:24 ubuntu sshd[192635]: error: maximum authentication attempts exceeded for testfest from 192.168.6.124 port 54324 ssh2 []
Sep 19 16:21:24 ubuntu sshd[192635]: Disconnecting: Too many authentication failures []
Sep 19 16:21:48 ubuntu su[192609]: pam_unix(su:session): session closed for user testfest

Reason for Too many authentication failures

SSH servers are commonly set up to allow a maximum number of authentication attempts before rejecting the connection. This SSH server setting is called “MaxAuthTries”, and the default value is 6.

When we connect to an SSH server without telling our SSH client specifically which key to use with that server, the client tries all the available credentials (such as certificates, public keys, and stored credentials), one at a time, until it finds one that works.

If our client only gets to the key the server needs after it has used up the attempts allowed by the server's MaxAuthTries, it never reaches the correct key and the authentication attempt fails.

Solution for Too many authentication failures

This error appears when we make too many failed login attempts to a server.

A failed login attempt can occur for a variety of reasons, but the most common one is incorrect credentials.

Ensure we are providing the correct username and password or key file, which should also be properly configured on the server.

  • Use a Specific SSH Key for a Specific SSH Server
  • Increase MaxAuthTries on the SSH server (sshd_config)

Use a Specific SSH Key for a Specific SSH Server in configuration file

Open our SSH configuration file in our favorite editor:

vi ~/.ssh/config

At the bottom of the file, add the following information:

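# Use one specific key for hosts matching this pattern
Host *.hostname
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/ourkeyfile
    # Offer only the key above, not every key loaded in ssh-agent
    IdentitiesOnly yes
    Port 22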

Use a Specific SSH Key for a Specific SSH Server in command line

We can use "ssh -i keyfile <ip or hostname>" to connect to our server.

Increase MaxAuthTries in SSH

# vi /etc/ssh/sshd_config (or sudo vi /etc/ssh/sshd_config)

We will see the line “MaxAuthTries 6”.

  • Press “i” to enter editing mode in the file.
  • After changing “MaxAuthTries” to 10, press “Esc” and type “:wq” to save and exit the file.
  • Run the command “service sshd restart” or “sudo service sshd restart” to apply the changes made in the file.
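A higher MaxAuthTries gives every connection more attempts, so it helps to know who is actually hitting the limit. The script below is an added example, not part of the original article: it parses sshd log lines in the format of Error example 2 and separates a single existing account hitting the limit (the multi-key case described above) from sources that cycle through several or unknown accounts. The function names, the sample lines after the first two, and the classification rule are assumptions made for this example.

```python
import re
from collections import defaultdict

# Matches sshd's "maximum authentication attempts exceeded" line (see Error example 2).
EXCEEDED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: error: maximum authentication attempts exceeded for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample: the first two lines are from the article, the rest are invented.
SAMPLE_LOG = """\
Sep 19 16:21:24 ubuntu sshd[192635]: error: maximum authentication attempts exceeded for testfest from 192.168.6.124 port 54324 ssh2 []
Sep 19 16:21:24 ubuntu sshd[192635]: Disconnecting: Too many authentication failures []
Sep 19 16:30:01 ubuntu sshd[192700]: error: maximum authentication attempts exceeded for invalid user admin from 198.51.100.7 port 40112 ssh2 [preauth]
Sep 19 16:30:05 ubuntu sshd[192704]: error: maximum authentication attempts exceeded for root from 198.51.100.7 port 40120 ssh2 [preauth]
Sep 19 16:30:09 ubuntu sshd[192709]: error: maximum authentication attempts exceeded for invalid user oracle from 198.51.100.7 port 40131 ssh2 [preauth]
"""

def summarize(log_text):
    """Group limit-exceeded events by source IP."""
    sources = defaultdict(lambda: {"events": 0, "users": set(), "invalid_users": set()})
    for line in log_text.splitlines():
        m = EXCEEDED.search(line)
        if not m:
            continue  # e.g. the "Disconnecting:" line carries no user or address
        entry = sources[m["ip"]]
        entry["events"] += 1
        entry["users"].add(m["user"])
        if m["invalid"]:
            entry["invalid_users"].add(m["user"])
    return dict(sources)

def classify(entry, max_users=1):
    """Heuristic (an assumption of this example, tune it per environment):
    one existing account hitting the limit looks like a client offering too
    many keys; several accounts or unknown accounts look like guessing."""
    if entry["invalid_users"] or len(entry["users"]) > max_users:
        return "review: possible credential guessing"
    return "likely client key overflow"

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, entry["events"], sorted(entry["users"]), classify(entry))
```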

More info about MaxAuthTries in SSH

The MaxAuthTries setting tells the ssh daemon how many different authentication attempts a user can try before it disconnects.

Each ssh key loaded into ssh-agent counts as one authentication attempt.

The default is 6 because many users have multiple ssh keys loaded into ssh-agent so that they can automatically log into different hosts that use different ssh keys.

Trying more than one ssh key isn’t the same as thumb-fingering a password — ssh is designed to allow for multiple key attempts.

After the ssh connection has tried all of our ssh keys, if we haven’t run out of attempts and passwords are enabled, we will eventually get a password prompt.
