[PLUG] ssh: Too many authentication failures

Keith Lofstrom keithl at kl-ic.com
Tue Aug 28 01:12:49 UTC 2007


> On Mon, 27 Aug 2007, Sandy Herring wrote:
> 
> >Last week I fumble-fingered my passphrase too many times and now when I
> >attempt to tunnel to my home linux server from work I get...
> >
> >Received disconnect from 127.0.0.1: 2: Too many authentication failures
> >for foo
> >(name has been changed to protect the innocent)
> >
> >I'm able to ssh in as user "foo" from another box (but it requires two
> >hops and is thus not secure) - so ssh is somehow aware of the IP
> >requesting the connection. I googled and also searched the plug archives
...

On Mon, Aug 27, 2007 at 01:07:11PM -0700, alan wrote:
> Do you have denyhosts installed?

Keith, with more information ...

Denyhosts is a tool that adds IP addresses to /etc/hosts.deny when
there are too many failed ssh attempts.  I run it, it is very useful
to stop system cracking attempts, but occasionally it will catch
fumble-fingered goodguys too.  If you have denyhosts installed (and
you should if you have public-facing ssh), use a text editor to remove
the non-offending IP address from both /etc/hosts and various files
in /usr/share/denyhosts/data/*.  You should also *add* the non-offending
IP to the /usr/share/denyhosts/data/allowed-hosts file, so the lockout
does not re-occur.

Or else, u shud nevre mayk tiepeng musteakz.

Keith

-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
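
Added example, not part of the message above or of denyhosts itself: a POSIX shell version of the cleanup the message describes, which removes the address only where it appears as a whole token, so that unblocking 10.0.0.5 leaves 10.0.0.50 blocked. The names `strip_ip`, `unblock_ip`, `DENY_FILE` and `DATA_DIR` are hypothetical; it edits /etc/hosts.deny (the file the message says denyhosts writes to) and assumes IPv4 addresses and that the denyhosts daemon is stopped while it runs.

```sh
#!/bin/sh
# Paths default to the ones named in the message; point DENY_FILE and
# DATA_DIR at copies to rehearse the change first.
DENY_FILE="${DENY_FILE:-/etc/hosts.deny}"
DATA_DIR="${DATA_DIR:-/usr/share/denyhosts/data}"

# Delete every line of file $2 that contains address $1 as a whole token.
strip_ip() {
    [ -f "$2" ] || return 0
    # Escape the dots so "10.0.0.5" cannot match "10x0y0z5"
    ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    tmp=$(mktemp) || return 1
    # The address must not be preceded or followed by a digit or dot,
    # otherwise 10.0.0.5 would also remove 10.0.0.50 and 110.0.0.5.
    # grep exits 1 when no lines remain; that is not an error here.
    grep -Ev "(^|[^0-9.])${ip_re}([^0-9.]|\$)" "$2" > "$tmp" || true
    cat "$tmp" > "$2"      # rewrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Remove $1 from the deny list and denyhosts data, then allow-list it.
unblock_ip() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || {
        echo "not an IPv4 address: $1" >&2
        return 2
    }
    strip_ip "$1" "$DENY_FILE"
    for f in "$DATA_DIR"/*; do
        [ -f "$f" ] || continue
        case "$f" in */allowed-hosts) continue ;; esac
        strip_ip "$1" "$f"
    done
    # Append to allowed-hosts only if the exact line is not already there
    grep -qxF "$1" "$DATA_DIR/allowed-hosts" 2>/dev/null ||
        printf '%s\n' "$1" >> "$DATA_DIR/allowed-hosts"
}

# Usage: sh unblock.sh 192.0.2.10   (run as root, denyhosts stopped)
[ "$#" -eq 0 ] || unblock_ip "$1"
```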


