ssh: Received disconnect from 127.0.0.1: 2: Too many authentication failures for XXXX

Lars Noodén lars.nooden at gmail.com
Fri Jun 28 13:29:31 UTC 2013 

On 06/28/2013 01:50 PM, Paul Sutton wrote:
> On 28/06/13 11:42, Lars Noodén wrote:
>> When trying to connect to the local host using ssh,
>>
>> 	ssh 127.0.0.1
>>
>> I get this error:
>>
>> 	Received disconnect from 127.0.0.1: 2: Too many
>> 	authentication failures for XXXX
>>
>> It appears that for some reason Lubuntu's agent somehow arbitrarily
>> pulls in some keys and, despite not being asked to, tries to use them
>> for authentication and won't let me try the password.
>>
>> If I list the keys in the agent (ssh-add -L) then it lists 7 public
>> keys, none of which I put there, none of which should be there.  If
>> anything there should be private keys in the agent.  If I remove the
>> keys (ssh-add -D) then they are still there when I check again.
>>
>> Looking at the output for the server, it looks like it keeps trying keys
>> until the max limit for failed logins is reached.
>>
>> I read on the net[1] about work-arounds using IdentitiesOnly, but IMHO
>> the agent (or whatever's involved) should not be getting in the way like
>> this in the first place.  What can I set in the way of agents so that
>> this 'authentication failures' error no longer happens?  Are others able
>> to get this error, too?
>>
>> Regards,
>> /Lars
>>
>> [1]
>> http://wesdeboer.com/received-disconnect-from-too-many-authentication-failures-for-ubuntu/
>>
> 
> 
> I have have just  tried this
> 
> psutton at e-machines:~$ ssh 127.0.0.1
> The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
> ECDSA key fingerprint is :8a:a0:82:b8.
> Are you sure you want to continue connecting (yes/no)? ys
> Please type 'yes' or 'no': yes
> Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
> psutton at 127.0.0.1's password:
> Permission denied, please try again.
> psutton at 127.0.0.1's password:
> Welcome to Ubuntu 13.04 (GNU/Linux 3.8.0-23-generic i686)
> 
>  * Documentation:  https://help.ubuntu.com/
> 
> 33 packages can be updated.
> 14 updates are security updates.
> 
> Last login: Sat Jun 15 11:32:40 2013
> psutton at e-machines:~$
> 
> I have masked out some of the fingerprint, 
> 
> hope this helps and to answer my own question i guess the answer there
> is no, as by default I am logging in as my self over a secure connection
> to myself (is that right ?)
> 
> Paul

Your ~/.ssh/ directory has fewer than six public keys though, doesn't it?

If I start with an empty ~/.ssh/ directory, then there is no problem.
If I have fewer than six public keys in the directory, then there is no
problem.  If I have six or more public keys, then somehow they are
getting added to the agent in such a way as to interfere with regular
login.

This isn't a problem with the regular ssh agent, this seems to be
something with GNOME utilities in Lubuntu or Lubuntu itself.

Regards,
/Lars

More information about the Lubuntu-users mailing list