Reset “Too many authentication failures” on ubuntu without server access Unicorn Meta Zoo #1: Why another podcast? Announcing the arrival of Valued Associate #679: Cesar Manara Come Celebrate our 10 Year Anniversary!Stop ssh client from offering all the public keys it can find?OpenSSH on Ubuntu 10.10 (Maverick): should ~/.ssh/authorized_keys file be generated automatically?Fix “too many authentication failures”Able to connect by SSH, but not x2goSSH aborts with Too many authentication failuresOpenSSH daemon ignores ServerKeyBits directiveAuthorizedKeysFile line commented out but still seems to workConnection closed by remote host Couldn't read packet: Connection reset by peerOpenSSH passwordless ssh with multiple identity key filesSSH Public Key Management for a small team
What's parked in Mil Moscow helicopter plant?
Is there a verb for listening stealthily?
Israeli soda type drink
What to do with someone that cheated their way though university and a PhD program?
When does Bran Stark remember Jamie pushing him?
Why isn't everyone flabbergasted about Bran's "gift"?
Are these square matrices always diagonalisable?
Putting Ant-Man on house arrest
Raising a bilingual kid. When should we introduce the majority language?
How would you suggest I follow up with coworkers about our deadline that's today?
Is Bran literally the world's memory?
What was Apollo 13's "Little Jolt" after MECO?
How long can a nation maintain a technological edge over the rest of the world?
false 'Security alert' from Google - every login generates mails from 'no-reply@accounts.google.com'
What is /etc/mtab in Linux?
Why I cannot instantiate a class whose constructor is private in a friend class?
using NDEigensystem to solve the Mathieu equation
What *exactly* is electrical current, voltage, and resistance?
Could a cockatrice have parasitic embryos?
Protagonist's race is hidden - should I reveal it?
Getting AggregateResult variables from Execute Anonymous Window
Will I lose my paid in full property
Coin Game with infinite paradox
Philosophers who were composers?
Reset “Too many authentication failures” on ubuntu without server access
Unicorn Meta Zoo #1: Why another podcast?
Announcing the arrival of Valued Associate #679: Cesar Manara
Come Celebrate our 10 Year Anniversary!Stop ssh client from offering all the public keys it can find?OpenSSH on Ubuntu 10.10 (Maverick): should ~/.ssh/authorized_keys file be generated automatically?Fix “too many authentication failures”Able to connect by SSH, but not x2goSSH aborts with Too many authentication failuresOpenSSH daemon ignores ServerKeyBits directiveAuthorizedKeysFile line commented out but still seems to workConnection closed by remote host Couldn't read packet: Connection reset by peerOpenSSH passwordless ssh with multiple identity key filesSSH Public Key Management for a small team
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I was recently given a bunch of keys and a bunch of servers and had to do some detective work to figure out which key matched which server. After a few tries (maybe 3?) SSH locked me out. My guess is due to the MaxAuthTries setting. We have tracked down the correct key but now I can't use it because of the error message:
Too many authentication failures for ubuntu
Authentication failed.
I thought restarting the server would work but no luck. Even trying to SSH in with root gives me the same error. It seems a bit weird that I would get completely locked out of a server due to this and it would never reset. Is there something I'm missing about how to reset this? It's actually hard to google for information about this because everyone experiencing this problem seems to have a bunch of keys in ~/.ssh that a dumb client in cycling through but I am setting my key very specifically:
ssh <user>@<ip-address> -i /path/to/pem.pem
Thank you!
ssh ssh-keys
asked Sep 12 '17 at 12:58
TonyTony
60131120
add a comment |
I was recently given a bunch of keys and a bunch of servers and had to do some detective work to figure out which key matched which server. After a few tries (maybe 3?) SSH locked me out. My guess is due to the MaxAuthTries setting. We have tracked down the correct key but now I can't use it because of the error message:
Too many authentication failures for ubuntu
Authentication failed.
I thought restarting the server would work but no luck. Even trying to SSH in with root gives me the same error. It seems a bit weird that I would get completely locked out of a server due to this and it would never reset. Is there something I'm missing about how to reset this? It's actually hard to google for information about this because everyone experiencing this problem seems to have a bunch of keys in ~/.ssh that a dumb client in cycling through but I am setting my key very specifically:
ssh <user>@<ip-address> -i /path/to/pem.pem
Thank you!
ssh ssh-keys
asked Sep 12 '17 at 12:58
TonyTony
60131120
add a comment |
I was recently given a bunch of keys and a bunch of servers and had to do some detective work to figure out which key matched which server. After a few tries (maybe 3?) SSH locked me out. My guess is due to the MaxAuthTries setting. We have tracked down the correct key but now I can't use it because of the error message:
Too many authentication failures for ubuntu
Authentication failed.
I thought restarting the server would work but no luck. Even trying to SSH in with root gives me the same error. It seems a bit weird that I would get completely locked out of a server due to this and it would never reset. Is there something I'm missing about how to reset this? It's actually hard to google for information about this because everyone experiencing this problem seems to have a bunch of keys in ~/.ssh that a dumb client in cycling through but I am setting my key very specifically:
ssh <user>@<ip-address> -i /path/to/pem.pem
Thank you!
ssh ssh-keys
asked Sep 12 '17 at 12:58
TonyTony
60131120
I was recently given a bunch of keys and a bunch of servers and had to do some detective work to figure out which key matched which server. After a few tries (maybe 3?) SSH locked me out. My guess is due to the MaxAuthTries setting. We have tracked down the correct key but now I can't use it because of the error message:
Too many authentication failures for ubuntu
Authentication failed.
I thought restarting the server would work but no luck. Even trying to SSH in with root gives me the same error. It seems a bit weird that I would get completely locked out of a server due to this and it would never reset. Is there something I'm missing about how to reset this? It's actually hard to google for information about this because everyone experiencing this problem seems to have a bunch of keys in ~/.ssh that a dumb client in cycling through but I am setting my key very specifically:
ssh <user>@<ip-address> -i /path/to/pem.pem
Thank you!
ssh ssh-keys
ssh ssh-keys
asked Sep 12 '17 at 12:58
TonyTony
60131120
asked Sep 12 '17 at 12:58
TonyTony
60131120
asked Sep 12 '17 at 12:58
TonyTony
60131120
asked Sep 12 '17 at 12:58
TonyTony
60131120
asked Sep 12 '17 at 12:58
TonyTony
60131120
60131120
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Just an idea in case you should not have locked yourself out of all the machines - try each key on all servers until you get a bingo. This way at least three keys will find their server. And usually that lockout doesn't last forever. Then you can find the servers for the next three keys.
Furthermore, in most cases the lockout is IP specific or at least subnet specific. So if you can try from other locations with other IPs (for example the three servers you were able to log in), you might have three more tries for each IP.
Can't tell more about your lockouts, because there are many ways to get it configured - and you didn't even give a hint what OS and flavour your servers are.
EDIT:
"I said ubuntu" - sorry I missed this well visible detail. Ubuntu (at least up to 16.04) does not come with any type of lockout by default, so it must have been added somehow.
You wrote "a bunch of keys and a bunch of servers", so I came up with the idea above, to at least get to your other servers faster.
Because you use -i, it can't be the issue described elsewhere as caused by gnome key daemon offering multiple keys in a row until sshd rejects.
MaxAuthTries can't be the culprit either, because it only limits login tries per connection (it defaults to 6). Next connection you have 6 more tries.
There are many ways to limit login attempts; fail2ban is one of them, denyhosts another one, and you can find many more.
Looks like you are concentrating on only one of your servers. If you manage to log into one of the others, you can find out how this lockout is achieved. If you can't solve your problem with the information you find there, other people here might be able to help.
Re-reading your post I stumbled on "bunch of keys". Even though -i should make your ssh command use only the key you gave it, you may add -v flag to your ssh command. This way you can see what ssh is trying to do or wether the server cuts it off immediately.
answered Sep 12 '17 at 13:28
TomTomTomTomTomTom
57116
I know the key for the server so the detective work is done. I said Ubuntu
– Tony
Sep 12 '17 at 13:35
add a comment |
Do try to ssh in verbose mode (ssh -vv) to double check that you are only offering the one key. Occasionally a client would present keys from an agent even if you use -i. Ideally, try the following to:
- Prevent the use of agent
- Get verbose output
Put the options in front... just in case.
env -u SSH_AUTH_SOCK ssh -vv -i /path/to/pem.pem -l user ip-address
answered Apr 17 at 13:18
chutzchutz
6,2141947
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f873277%2freset-too-many-authentication-failures-on-ubuntu-without-server-access%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Just an idea in case you should not have locked yourself out of all the machines - try each key on all servers until you get a bingo. This way at least three keys will find their server. And usually that lockout doesn't last forever. Then you can find the servers for the next three keys.
Furthermore, in most cases the lockout is IP specific or at least subnet specific. So if you can try from other locations with other IPs (for example the three servers you were able to log in), you might have three more tries for each IP.
Can't tell more about your lockouts, because there are many ways to get it configured - and you didn't even give a hint what OS and flavour your servers are.
EDIT:
"I said ubuntu" - sorry I missed this well visible detail. Ubuntu (at least up to 16.04) does not come with any type of lockout by default, so it must have been added somehow.
You wrote "a bunch of keys and a bunch of servers", so I came up with the idea above, to at least get to your other servers faster.
Because you use -i, it can't be the issue described elsewhere as caused by gnome key daemon offering multiple keys in a row until sshd rejects.
MaxAuthTries can't be the culprit either, because it only limits login tries per connection (it defaults to 6). Next connection you have 6 more tries.
There are many ways to limit login attempts; fail2ban is one of them, denyhosts another one, and you can find many more.
Looks like you are concentrating on only one of your servers. If you manage to log into one of the others, you can find out how this lockout is achieved. If you can't solve your problem with the information you find there, other people here might be able to help.
Re-reading your post I stumbled on "bunch of keys". Even though -i should make your ssh command use only the key you gave it, you may add -v flag to your ssh command. This way you can see what ssh is trying to do or wether the server cuts it off immediately.
answered Sep 12 '17 at 13:28
TomTomTomTomTomTom
57116
I know the key for the server so the detective work is done. I said Ubuntu
– Tony
Sep 12 '17 at 13:35
add a comment |
Just an idea in case you should not have locked yourself out of all the machines - try each key on all servers until you get a bingo. This way at least three keys will find their server. And usually that lockout doesn't last forever. Then you can find the servers for the next three keys.
Furthermore, in most cases the lockout is IP specific or at least subnet specific. So if you can try from other locations with other IPs (for example the three servers you were able to log in), you might have three more tries for each IP.
Can't tell more about your lockouts, because there are many ways to get it configured - and you didn't even give a hint what OS and flavour your servers are.
EDIT:
"I said ubuntu" - sorry I missed this well visible detail. Ubuntu (at least up to 16.04) does not come with any type of lockout by default, so it must have been added somehow.
You wrote "a bunch of keys and a bunch of servers", so I came up with the idea above, to at least get to your other servers faster.
Because you use -i, it can't be the issue described elsewhere as caused by gnome key daemon offering multiple keys in a row until sshd rejects.
MaxAuthTries can't be the culprit either, because it only limits login tries per connection (it defaults to 6). Next connection you have 6 more tries.
There are many ways to limit login attempts; fail2ban is one of them, denyhosts another one, and you can find many more.
Looks like you are concentrating on only one of your servers. If you manage to log into one of the others, you can find out how this lockout is achieved. If you can't solve your problem with the information you find there, other people here might be able to help.
Re-reading your post I stumbled on "bunch of keys". Even though -i should make your ssh command use only the key you gave it, you may add -v flag to your ssh command. This way you can see what ssh is trying to do or wether the server cuts it off immediately.
answered Sep 12 '17 at 13:28
TomTomTomTomTomTom
57116
I know the key for the server so the detective work is done. I said Ubuntu
– Tony
Sep 12 '17 at 13:35
add a comment |
Just an idea in case you should not have locked yourself out of all the machines - try each key on all servers until you get a bingo. This way at least three keys will find their server. And usually that lockout doesn't last forever. Then you can find the servers for the next three keys.
Furthermore, in most cases the lockout is IP specific or at least subnet specific. So if you can try from other locations with other IPs (for example the three servers you were able to log in), you might have three more tries for each IP.
Can't tell more about your lockouts, because there are many ways to get it configured - and you didn't even give a hint what OS and flavour your servers are.
EDIT:
"I said ubuntu" - sorry I missed this well visible detail. Ubuntu (at least up to 16.04) does not come with any type of lockout by default, so it must have been added somehow.
You wrote "a bunch of keys and a bunch of servers", so I came up with the idea above, to at least get to your other servers faster.
Because you use -i, it can't be the issue described elsewhere as caused by gnome key daemon offering multiple keys in a row until sshd rejects.
MaxAuthTries can't be the culprit either, because it only limits login tries per connection (it defaults to 6). Next connection you have 6 more tries.
There are many ways to limit login attempts; fail2ban is one of them, denyhosts another one, and you can find many more.
Looks like you are concentrating on only one of your servers. If you manage to log into one of the others, you can find out how this lockout is achieved. If you can't solve your problem with the information you find there, other people here might be able to help.
Re-reading your post I stumbled on "bunch of keys". Even though -i should make your ssh command use only the key you gave it, you may add -v flag to your ssh command. This way you can see what ssh is trying to do or wether the server cuts it off immediately.
answered Sep 12 '17 at 13:28
TomTomTomTomTomTom
57116
Just an idea in case you should not have locked yourself out of all the machines - try each key on all servers until you get a bingo. This way at least three keys will find their server. And usually that lockout doesn't last forever. Then you can find the servers for the next three keys.
Furthermore, in most cases the lockout is IP specific or at least subnet specific. So if you can try from other locations with other IPs (for example the three servers you were able to log in), you might have three more tries for each IP.
Can't tell more about your lockouts, because there are many ways to get it configured - and you didn't even give a hint what OS and flavour your servers are.
EDIT:
"I said ubuntu" - sorry I missed this well visible detail. Ubuntu (at least up to 16.04) does not come with any type of lockout by default, so it must have been added somehow.
You wrote "a bunch of keys and a bunch of servers", so I came up with the idea above, to at least get to your other servers faster.
Because you use -i, it can't be the issue described elsewhere as caused by gnome key daemon offering multiple keys in a row until sshd rejects.
MaxAuthTries can't be the culprit either, because it only limits login tries per connection (it defaults to 6). Next connection you have 6 more tries.
There are many ways to limit login attempts; fail2ban is one of them, denyhosts another one, and you can find many more.
Looks like you are concentrating on only one of your servers. If you manage to log into one of the others, you can find out how this lockout is achieved. If you can't solve your problem with the information you find there, other people here might be able to help.
Re-reading your post I stumbled on "bunch of keys". Even though -i should make your ssh command use only the key you gave it, you may add -v flag to your ssh command. This way you can see what ssh is trying to do or wether the server cuts it off immediately.
answered Sep 12 '17 at 13:28
TomTomTomTomTomTom
57116
edited Sep 12 '17 at 15:58
answered Sep 12 '17 at 13:28
TomTomTomTomTomTom
57116
answered Sep 12 '17 at 13:28
TomTomTomTomTomTom
57116
answered Sep 12 '17 at 13:28
TomTomTomTomTomTom
57116
57116
I know the key for the server so the detective work is done. I said Ubuntu
– Tony
Sep 12 '17 at 13:35
add a comment |
I know the key for the server so the detective work is done. I said Ubuntu
– Tony
Sep 12 '17 at 13:35
I know the key for the server so the detective work is done. I said Ubuntu
– Tony
Sep 12 '17 at 13:35
I know the key for the server so the detective work is done. I said Ubuntu
– Tony
Sep 12 '17 at 13:35
add a comment |
Do try to ssh in verbose mode (ssh -vv) to double check that you are only offering the one key. Occasionally a client would present keys from an agent even if you use -i. Ideally, try the following to:
- Prevent the use of agent
- Get verbose output
Put the options in front... just in case.
env -u SSH_AUTH_SOCK ssh -vv -i /path/to/pem.pem -l user ip-address
answered Apr 17 at 13:18
chutzchutz
6,2141947
add a comment |
Do try to ssh in verbose mode (ssh -vv) to double check that you are only offering the one key. Occasionally a client would present keys from an agent even if you use -i. Ideally, try the following to:
- Prevent the use of agent
- Get verbose output
Put the options in front... just in case.
env -u SSH_AUTH_SOCK ssh -vv -i /path/to/pem.pem -l user ip-address
answered Apr 17 at 13:18
chutzchutz
6,2141947
add a comment |
Do try to ssh in verbose mode (ssh -vv) to double check that you are only offering the one key. Occasionally a client would present keys from an agent even if you use -i. Ideally, try the following to:
- Prevent the use of agent
- Get verbose output
Put the options in front... just in case.
env -u SSH_AUTH_SOCK ssh -vv -i /path/to/pem.pem -l user ip-address
answered Apr 17 at 13:18
chutzchutz
6,2141947
Do try to ssh in verbose mode (ssh -vv) to double check that you are only offering the one key. Occasionally a client would present keys from an agent even if you use -i. Ideally, try the following to:
- Prevent the use of agent
- Get verbose output
Put the options in front... just in case.
env -u SSH_AUTH_SOCK ssh -vv -i /path/to/pem.pem -l user ip-address
answered Apr 17 at 13:18
chutzchutz
6,2141947
answered Apr 17 at 13:18
chutzchutz
6,2141947
answered Apr 17 at 13:18
chutzchutz
6,2141947
answered Apr 17 at 13:18
chutzchutz
6,2141947
6,2141947
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f873277%2freset-too-many-authentication-failures-on-ubuntu-without-server-access%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
