Results 1 to 5 of 5

Thread: ssh connection problem

  1. #1
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default ssh connection problem


    I try to ssh to my laptop, local network.

    Code:
    cer@Telcontar:~> ssh -Y cer@minas-tirith.valinor
    Received disconnect from 192.168.1.129: 2: Too many authentication
    failures for cer
    cer@Telcontar:~>
    cer@Telcontar:~> SSH_AUTH_SOCK="" ssh -Y cer@minas-tirith.valinor
    Password:
    Last login: Wed Nov 28 22:14:52 2012 from elessar.valinor
    Have a lot of fun...
    cer@minas-tirith:~>
    Interestingly, I get the same result with putty, which I have just
    installed for the test:


    Code:
    Server sent disconnect message
    type 2 (protocol error):
    "Too many authentication failures for cer"
    and it works if I set SSH_AUTH_SOCK=""

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

  2. #2
    ab NNTP User

    Default Re: ssh connection problem

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I saw the same failure the other day when a friend tried to connect to
    my box from Ubuntu. I could get in with the same user/password from my
    openSUSE laptop no problem, but he tried from Ubuntu and had the error.

    As another test, go to /etc/ssh/sshd_config (as root) and increase
    MaxAuthTries a bit to see if that also happens to help. My wild guess
    is that your client(s) are trying multiple ways of authenticating first
    before the password prompt, which is normal (GSSAPI, PublicKey,
    challenge, etc.) and as a result your server is seeing each as a failed
    authentication attempt. When you set your socket to nothing perhaps it
    skips one try and lets you actually get to the password option.

    Good luck.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.19 (GNU/Linux)
    Comment: Using GnuPG with undefined - http://www.enigmail.net/

    iQIcBAEBAgAGBQJQtopEAAoJEF+XTK08PnB5LegQANaST+PcueGqxP0SePj4D1x6
    /m8TA6XFd7AmRvsRKa9NEbd+weQjsmisc3BTdw5nRjpleqMQubYKL1+gYe7SZy+H
    Nou+5W0kOIW/87MMdVBe3ftKkH5uYP5eV56qnZ1UWLLi6/PMG9XS/B8nrq6fit9+
    tjK9rdPo0hL8g/tswDL22Ir9pBAmbD3AXWcTWr5LghM5nEHB3BDuy4Xi4rugBXN9
    MVYCte/rNDupPmlj4TaEf2dImMF+eHBRnZIt/iqkF+1yc5ACfyt/0fXC+8oFIuwP
    4FjLpqnARG0R+syGpqe5AKOJwv2hKJN4a+Toy9XWQJky2MUmwQd5fGB7zcujwsT+
    TXgCEcGkh3vi7JvGJL1YogWF/0WQdFLVyhBuJzr1DIUnMbP4klr7IzhJyz6XN+ms
    e8UU0/eUGklu0e99XUQz6COHRESSyid6Z8CEd5Xek2C77pF/togVdAijrffmPB8x
    luyQUBrzjdQa6A5J8ipLj7npZybu9K9O7evPGUjKeGUT+WXVM1+KPNs0lYvtd0DS
    xQT5DmRrQsWiUTqavB436mRjV7uEZqB4z5tAVGJ0Yahwo9ZfmsYa6TSv9x+YgPSV
    9WgfK0Y27wEsXCjTsKn3hrK3UbrTMtj2fkPjJv9zkcL83G5xbR7IYc7wGEl6U5UL
    oGPcg01825v1YLjMakD5
    =hBRD
    -----END PGP SIGNATURE-----

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: ssh connection problem

    On 2012-11-28 23:03, ab wrote:

    > As another test, go to /etc/ssh/sshd_config (as root) and increase
    > MaxAuthTries a bit to see if that also happens to help. My wild
    > guess is that your client(s) are trying multiple ways of
    > authenticating first before the password prompt, which is normal
    > (GSSAPI, PublicKey, challenge, etc.) and as a result your server is
    > seeing each as a failed authentication attempt. When you set your
    > socket to nothing perhaps it skips one try and lets you actually
    > get to the password option.


    You were right...

    The current setting is commented out:

    Code:
    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    I activated that line, so a 6, reloaded the daemon and tried. Same
    error. I increased it to 12 and succeeded!

    Putty also works now. Next I have to try from Windows, I also had
    problems in the past.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

  4. #4
    ab NNTP User

    Default Re: ssh connection problem

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > You were right...


    It happens.

    > The current setting is commented out:
    >
    >
    Code:
     #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes
    > #MaxAuthTries 6 #MaxSessions 10


    K, so the default was six. Nice testing by leaving it there first;
    always good to know the defaults really are what they are.

    > Putty also works now. Next I have to try from Windows, I also had
    > problems in the past.


    Platforms shouldn't matter at all; this is purely about the client and
    server. If you run 'ssh' with -vvv (or maybe it's -v -v -v... or
    either... I forget) you can see the authentication attempts being made
    by the client. If you see a bunch before password then that's the
    issue. Six would surprise me, but the proof of the pudding is the
    eating, as the saying goes.

    Good luck.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.19 (GNU/Linux)
    Comment: Using GnuPG with undefined - http://www.enigmail.net/

    iQIcBAEBAgAGBQJQtsgmAAoJEF+XTK08PnB5Nc4P/jpseM4EG64d0Gs1AUzDO2WB
    8KvOqaf7R9Nm3TNR8DLi7/8+v9/JiLGLFUThdb9uCdLcfKxsM0foYkUh55UGG/la
    LLk1x/DLDskaCo254A9UL6kwR58S72oc868YgDYI+A2uZCb6lpek2RrwVB+krUug
    fKnMCEdNcQd6oe9xM8UAz9PPjx1K57CT3hAlJI02GGCQGxN9LzdHHD3gY5N4MpE3
    pTTC3DF3ZWC83BdZLBZaQwl0APfn84Kbxs312GqrkUIjsktfo4fD5wk2rMmRUJce
    8SyuyIpBLthznT4nWIdvKD5dFkKSYN4nTUcfn9wMbZugQfY4axLdE0YHWaKDskM0
    tbGK96YX98udu7u7cIJeaeSA9629N55YsJ4aSPaqymKrq8nzog+P895GcjcJaWXb
    TSM1ttSz7PCcTPDTorcNGOMBGOoz/rUKZkBEsvf3hKvYswK0cxB3XaeynYf0RTZG
    kSZhN4o4Mb/5wZsonNfcSn5K/63PlaoSjQy7RRYK1nqChPGYpa4/slH4ZuMrrMsZ
    VQ1bG9wRpv6s94NWRTnbYsX6FO1mSNLpPpQg3NIiCYQVR+j9GVV9X0Y7dKbaJwVq
    pPUhQH1tfmRZWxdx+Hb+RW46x5HsF+5iRTDegHHf76K5au0OT+dnAgnnAjuUB7HY
    VSElJoBCNTiQ2Y0jIe4T
    =FVf+
    -----END PGP SIGNATURE-----

  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: ssh connection problem

    On 2012-11-29 03:27, ab wrote:

    >> Putty also works now. Next I have to try from Windows, I also had
    >> problems in the past.

    >
    > Platforms shouldn't matter at all; this is purely about the client
    > and server. If you run 'ssh' with -vvv (or maybe it's -v -v -v...
    > or either... I forget) you can see the authentication attempts
    > being made by the client. If you see a bunch before password then
    > that's the issue. Six would surprise me, but the proof of the
    > pudding is the eating, as the saying goes.


    It is not putty which fails, it is winscp, ie ssh file transfer, I had
    forgotten. It authenticates, but it stalls at "reading directory" and
    complains that

    Code:
    
    > Host is not communicating for more than 15 seconds. Still
    > waiting... Note. If the problem repeats, try turning off "optimize
    > connection buffer size" Warning: aborting this operation will close
    > connection
    I tried that suggerence time ago without results.

    On the Linux side, I see this in the log - and no network or disk
    activity when it should be reading the directory, which is large.

    Code:
    
    > <4.6> 2012-11-29 21:32:48 Telcontar sshd 18362 - -  Accepted
    > keyboard-interactive/pam for cer from 192.168.1.33 port 49386 ssh2
    > <4.6> 2012-11-29 21:32:48 Telcontar sshd 18366 - -  subsystem
    > request for sftp by user cer
    It is version 5.0.7, I'm downloading version 5.1.1 to try.

    [...]

    It wants to reboot... how typical. I wonder what other rubbish it will
    have installed that requires a reboot :-(

    (I can not reboot now because Windows is at the time, slowly, updating
    itself)

    Trying before rebooting has the same problem.

    [...]

    Same thing after the reboot, winscp does not work towards my Linux
    machine.


    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •