ssh: too many authentication failures

Did you follow along with the instructions to make ssh connections "automatic" and "secure" with your favorite servers by transferring your public keys to the authorizedKeys file an then editing your ~/.ssh/config?

The .ssh/config file fills up with entries like this

Host * *
IdentityFile ~/.ssh/pjfedora-20111114
IdentitiesOnly yes

Host svn.*
IdentityFile ~/.ssh/PaulJohnson-id_rsa-20110510
IdentitiesOnly yes

If you did that for a few servers (and it is, well, required on lots of servers I use), then you will start to get this error when you try to connect to the places that used to work:

$ ssh
Kernel 3.10.0-123.13.2.el7.x86_64 on an x86_64
Received disconnect from 2: Too many authentication failures for pauljohn

It used to work, but no more. The ssh system is reading your ~.ssh/config file, finding lots of identities in there, throwing them at the remote server, and the server's patience is exhausted with your and you get rejected.

To work around this, you have to tell the remote system to not try to use your keys. I find both of these work, don't know if one is preferred to the other:

$ ssh -o IdentitiesOnly=yes

$ ssh -o PubkeyAuthentication=no

Both of those work for me.

To me, the very difficult thing is to remember either one of those because I forget 99% of the time that I need to do that. So I wrote it in the blog, and I can't forget. Can I?


Do not follow the advice you see on some Websites that you should insert

IdentitiesOnly yes

at the top of yoru config file. We found that several connections that were otherwise valid would fail after making that change. We had weird problems with SparkleShare after that change, for example.


Don't make your server less secure by allowing more failed logins. How silly is that 🙂

About pauljohn

Paul E. Johnson is a Professor of Political Science at the University of Kansas. He is an avid Linux User, an adequate system administrator and C programmer, and humility is one of his greatest strengths.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply