"Received disconnect from IP_address:
2: too many failed userauth_requests"
After reducing MaxAuthRetries
to 3 from the default of 6 on Solaris 9's ssh server, I received this
error when trying to connect with an OpenSSH client.
Client:
ssh -V
OpenSSH_3.6.1p2, SSH protocols
1.5/2.0, OpenSSL 0x0090701f
Server:
Sun_SSH_1.0.1
By default, the OpenSSH client attempts authentication in the following
order:
"hostbased,publickey,keyboard-interactive,password''
By running the ssh server in debug mode (/usr/lib/ssh/sshd -d), I was able to
see the problem. In my case, "hostbased" authentication failed, as did
"publickey" authentication. OpenSSH presented both my ssh protocol 2
RSA and DSA identities to the ssh server, resulting in two "publickey"
authentication failures. I already had 3 failures by the time I was
presented with the password prompt, so entering the correct password
resulted in an error.
ssh hutch@server
Authorized uses only. All
activity may be monitored and reported.
hutch@server's password:
Received disconnect from
192.168.1.1: 2: too many failed userauth_requests
There are several workarounds:
1. Use public-key authentication by adding the appropriate public key
to the authorized_keys file
on the remote host. If you have more than one identity (e.g. ssh
protocol 2 DSA and RSA keys), you may want to specify the appropriate
identity with ssh -i identity_file. Recommended.
2. If you have to use password authentication, run the ssh client with ssh -o PreferredAuthentications=password to
prevent hostbased, publickey, and keyboard-interactive authentication
attempts.
3. Change MaxAuthRetries on
the ssh server to a larger value.
Back to brandonhutchinson.com.
Last modified: 09/16/2004