In the past I've been able to ssh as one user (user1) to another system as a different user (e.g., user2). So for example, let's say I'm on host1 as user1 and I want to log in to host2 as user2; I would use the following command:
ssh user2@host2
And this used to work, prior to today.
To get this to work, I added the public key (~/.ssh/id_rsa.pub) of the private key (~/.ssh/id_rsa) being used (on user1@host1) to user2@host2/.ssh/authorized_keys.
Today, I'm getting the error Too many authentication failures:
ssh -v user2@host2
. . .
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user1/.ssh/id_rsa2
debug1: Offering RSA public key: /home/user1/.ssh/id_rsa1
debug1: Offering RSA public key: /home/user1/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
Received disconnect from 10.22.3.4 port 22:2: Too many authentication failures
Authentication failed.
I can successfully login as user1@host2; so this works:
ssh host2
So I know that host1 and host2 support ssh key-based authentication.
(Q) What commands can I use to troubleshoot this?
(Q) What are common log files I can check to look for errors/clues as to why this is failing?
(Q) What are common reasons for getting the error Too many authentication failures?
What I've tried
Reset login failures
In the past when I got this error, I would use sudo pam_tally2 -u user2 -r on the host host2. This would reset the login failures count. However, after running this command, the login failure count remains zero even though I get the Too many authentication failures error message. So it appears that this error isn't actually counted as a login failure (at least not by pam_tally2).
Double-check the public key is set properly
I've verified that the public key in user1@host1:.ssh/id_rsa.pub is in the user2@host2:.ssh/authorized_keys file.
Double-check the permissions on the files are locked down.
I've verified that the permissions on the files are correct.
drwx------ # Dir: user2@host2:.ssh
-r-------- # File: user2@host2:.ssh/authorized_keys
Searches on StackOverflow
Found this which is very similar to my question.
- Troubleshoot SSH connection problem - My question is a little more specific in that the error I'm getting is Too many authentication failures.
Google searches for answers
I've tried Google search on troubleshooting ssh login failures and got more hits than I can summarize here. So there are a lot of potential issues.
- Found https://docs.digitalocean.com/support/how-to-troubleshoot-ssh-authentication-issues/#:~:text=Make%20sure%20the%20authorized_keys%20file,properly%20configured%20for%20the%20session. - Lists several things to check.
Googled for common pam errors with ssh login failures and found
Still searching for answer
ssh-keygen -t ed25519 as user1 on host1 and copy the public key (id_ed25519.pub) to user2@host2:/.ssh/ directory. The permissions of the .ssh directory of user2 should be 700. Also please check the SELinux label of the directory using ls -ldZ ~/.ssh of user2. Maybe there are weird characters in your .pub file. How did you copy it? Use i.e: sed -n l ~/.ssh/id_rsa.pub and see what line endings are being used. – Valentin Bajrami Jan 30 '23 at 22:32
user2@host2:.ssh/ directory and it is 700 and SELinux label is system_u:object_r:default_t:s0 but I have no idea what this means. – PatS Jan 30 '23 at 22:36
host2 server sees that this user has had too many authentication failures and drops the connection. – PatS Jan 30 '23 at 22:37
restorecon -vvRF on the .ssh dir. It won't hurt. Also try to pass -vvv to the ssh command when connecting to host2. And did you try the sed part? – Valentin Bajrami Jan 30 '23 at 22:56
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub (see https://askubuntu.com/questions/53553/how-do-i-retrieve-the-public-key-from-a-ssh-private-key), and now things work. Now I am confused as to who changed the private/pub keys and when. – PatS Jan 30 '23 at 23:00
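The last comment regenerates id_rsa.pub from the private key with ssh-keygen -y, and the question's "Double-check the public key is set properly" step compared only the .pub file with authorized_keys. The script below is an added example, not part of the original post or comments, that checks both links: private key against .pub file, and .pub file against authorized_keys. The function names key_blobs, pub_matches_private and pub_in_authorized_keys are hypothetical.

```shell
#!/bin/sh
# Added example: check that a private key, its .pub file and an
# authorized_keys file all refer to the same key.

# Read public-key lines on stdin and print "type blob" for each one,
# dropping leading authorized_keys options and the trailing comment.
# Every SSH public-key blob starts with "AAAA" in base64, which keeps a
# key-type word inside an option string from being mistaken for the key.
key_blobs() {
    awk '/^[ \t]*#/ { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/ &&
                $(i + 1) ~ /^AAAA/) {
                print $i, $(i + 1)
                break
            }
    }'
}

# Succeed if pub file $2 holds the public key derived from private key $1.
# Returns 2 if ssh-keygen could not read the private key.
pub_matches_private() {
    derived=$(ssh-keygen -y -f "$1" | key_blobs)
    [ -n "$derived" ] || return 2
    [ "$derived" = "$(key_blobs < "$2" | head -n 1)" ]
}

# Succeed if the key in pub file $1 is listed in authorized_keys file $2.
# Returns 2 if the pub file contains no recognisable key.
pub_in_authorized_keys() {
    want=$(key_blobs < "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_blobs < "$2" | grep -qxF -- "$want"
}

# Usage on the client (user1@host1), with a copy of user2's authorized_keys:
#   pub_matches_private ~/.ssh/id_rsa ~/.ssh/id_rsa.pub || echo "stale .pub file"
#   pub_in_authorized_keys ~/.ssh/id_rsa.pub ./authorized_keys.user2 || echo "key not authorized"
```

Comparing only the key type and blob ignores the comment field and any options, so a key counts as the same even when those differ between the two files.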