[PLUG] ssh: Too many authentication failures

Sandy Herring sandy at herring.org
Mon Aug 27 20:02:49 UTC 2007


Last week I fumble-fingered my passphrase too many times and now when I
attempt to tunnel to my home Linux server from work I get...

Received disconnect from 127.0.0.1: 2: Too many authentication failures for foo
(name has been changed to protect the innocent)

I'm able to ssh in as user "foo" from another box (but it requires two
hops and is thus not secure) - so ssh is somehow aware of the IP
requesting the connection. I googled and also searched the PLUG archives
to try to discover how to reset the failure count and came up empty. I
restarted sshd, but that had no effect. If I bump MaxAuthTries in
/etc/ssh/sshd_config I can log in. I'd prefer to not have to set that
higher than 2, though. I'd also like to avoid rebooting if at all
possible...

 12:52:25 up 255 days, 14:02,  6 users,  load average: 0.00, 0.05, 0.06

I'm using publickey auth. User "foo" is not disabled in /etc/shadow.
Does anyone have a clue how to reset the failure count?

Here are pertinent snippets from sshd_config:

Protocol 2
PermitRootLogin no
MaxAuthTries 2
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding yes
MaxStartups 3:70:20
AllowUsers foo bar

And here is verbose output from the login attempt:

[sherring@pisces ~]$ ssh -v -l foo -p 1047 localhost
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 1047.
debug1: Connection established.
debug1: identity file /home/sherring/.ssh/identity type -1
debug1: identity file /home/sherring/.ssh/id_rsa type 1
debug1: identity file /home/sherring/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/sherring/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sherring/.ssh/identity
debug1: Offering public key: /home/sherring/.ssh/id_rsa
Received disconnect from 127.0.0.1: 2: Too many authentication failures for foo

Any clues would be appreciated.

Sandy
-- 
Sandy Herring, RHCE                        o              sandy at herring.org
Peck of Pickled Pisces               __  o               http://herring.org/
*nix || Web authoring questions?  |\/ o\  o  http://herring.org/finger.html
->http://herring.org/techie.html  |/\__/     http://herring.org/pub-key.asc
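
An added example, not part of the original post: it tallies, from the `ssh -v` output quoted above, how many server rejections each authentication method collected in this one connection and compares that with `MaxAuthTries`, which sshd_config(5) documents as a per-connection limit. The function names are hypothetical, and leaving the initial `none` probe out of the count is an assumption.

```python
import re
from collections import Counter

# Copied from the post: sshd_config excerpt and the auth phase of `ssh -v`.
SSHD_CONFIG = """\
Protocol 2
MaxAuthTries 2
PasswordAuthentication no
GSSAPIAuthentication yes
"""
CLIENT_LOG = """\
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sherring/.ssh/identity
debug1: Offering public key: /home/sherring/.ssh/id_rsa
Received disconnect from 127.0.0.1: 2: Too many authentication failures for foo
"""

def max_auth_tries(config, default=6):
    """Return MaxAuthTries from sshd_config text (first match wins; default 6)."""
    for line in config.splitlines():
        m = re.match(r"\s*MaxAuthTries[\s=]+(\d+)", line, re.IGNORECASE)
        if m:
            return int(m.group(1))
    return default

def tally_auth(log):
    """Count server rejections per client method within one connection."""
    method, rejected, offered, cut_off = "none", Counter(), [], None
    for line in log.splitlines():
        if m := re.search(r"Next authentication method: (\S+)", line):
            method = m.group(1)
        elif "Authentications that can continue:" in line:
            rejected[method] += 1      # server answered with a failure message
        elif m := re.search(r"Offering public key: (\S+)", line):
            offered.append(m.group(1))
        elif "Too many authentication failures" in line:
            cut_off = method           # method in flight when sshd hung up
    return rejected, offered, cut_off

def budget_spent_before_keys(log, config):
    """True if non-key methods alone already used up MaxAuthTries."""
    rejected, _, _ = tally_auth(log)
    # Assumption: the initial "none" probe is left out of the count.
    spent = sum(n for meth, n in rejected.items() if meth not in ("none", "publickey"))
    return spent >= max_auth_tries(config)

if __name__ == "__main__":
    print(tally_auth(CLIENT_LOG), budget_spent_before_keys(CLIENT_LOG, SSHD_CONFIG))
```

When the last function returns True, restricting the client to the intended method, for example `ssh -o PreferredAuthentications=publickey`, keeps other methods from using up attempts before a key is offered.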


