ssh connection problem

I try to ssh to my laptop, local network.


cer@Telcontar:~> ssh -Y cer@minas-tirith.valinor
Received disconnect from 192.168.1.129: 2: Too many authentication
failures for cer
cer@Telcontar:~>
cer@Telcontar:~> SSH_AUTH_SOCK="" ssh -Y cer@minas-tirith.valinor
Password:
Last login: Wed Nov 28 22:14:52 2012 from elessar.valinor
Have a lot of fun...
cer@minas-tirith:~>


Interestingly, I get the same result with putty, which I have just
installed for the test:


Server sent disconnect message
type 2 (protocol error):
"Too many authentication failures for cer"

and it works if I set «SSH_AUTH_SOCK=""»


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I saw the same failure the other day when a friend tried to connect to
my box from Ubuntu. I could get in with the same user/password from my
openSUSE laptop no problem, but he tried from Ubuntu and had the error.

As another test, go to /etc/ssh/sshd_config (as root) and increase
MaxAuthTries a bit to see if that also happens to help. My wild guess
is that your client(s) are trying multiple ways of authenticating first
before the password prompt, which is normal (GSSAPI, PublicKey,
challenge, etc.) and as a result your server is seeing each as a failed
authentication attempt. When you set your socket to nothing perhaps it
skips one try and lets you actually get to the password option.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQtopEAAoJEF+XTK08PnB5LegQANaST+PcueGqxP0SePj4D1x6
/m8TA6XFd7AmRvsRKa9NEbd+weQjsmisc3BTdw5nRjpleqMQubYKL1+gYe7SZy+H
Nou+5W0kOIW/87MMdVBe3ftKkH5uYP5eV56qnZ1UWLLi6/PMG9XS/B8nrq6fit9+
tjK9rdPo0hL8g/tswDL22Ir9pBAmbD3AXWcTWr5LghM5nEHB3BDuy4Xi4rugBXN9
MVYCte/rNDupPmlj4TaEf2dImMF+eHBRnZIt/iqkF+1yc5ACfyt/0fXC+8oFIuwP
4FjLpqnARG0R+syGpqe5AKOJwv2hKJN4a+Toy9XWQJky2MUmwQd5fGB7zcujwsT+
TXgCEcGkh3vi7JvGJL1YogWF/0WQdFLVyhBuJzr1DIUnMbP4klr7IzhJyz6XN+ms
e8UU0/eUGklu0e99XUQz6COHRESSyid6Z8CEd5Xek2C77pF/togVdAijrffmPB8x
luyQUBrzjdQa6A5J8ipLj7npZybu9K9O7evPGUjKeGUT+WXVM1+KPNs0lYvtd0DS
xQT5DmRrQsWiUTqavB436mRjV7uEZqB4z5tAVGJ0Yahwo9ZfmsYa6TSv9x+YgPSV
9WgfK0Y27wEsXCjTsKn3hrK3UbrTMtj2fkPjJv9zkcL83G5xbR7IYc7wGEl6U5UL
oGPcg01825v1YLjMakD5
=hBRD
-----END PGP SIGNATURE-----

On 2012-11-28 23:03, ab wrote:

> As another test, go to /etc/ssh/sshd_config (as root) and increase
> MaxAuthTries a bit to see if that also happens to help. My wild
> guess is that your client(s) are trying multiple ways of
> authenticating first before the password prompt, which is normal
> (GSSAPI, PublicKey, challenge, etc.) and as a result your server is
> seeing each as a failed authentication attempt. When you set your
> socket to nothing perhaps it skips one try and lets you actually
> get to the password option.

You were right…

The current setting is commented out:


#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

I activated that line, so a 6, reloaded the daemon and tried. Same
error. I increased it to 12 and succeeded!

Putty also works now. Next I have to try from Windows, I also had
problems in the past.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> You were right…

It happens.

> The current setting is commented out:
>
>

 #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes
> #MaxAuthTries 6 #MaxSessions 10 

K, so the default was six. Nice testing by leaving it there first;
always good to know the defaults really are what they are.

> Putty also works now. Next I have to try from Windows, I also had
> problems in the past.

Platforms shouldn’t matter at all; this is purely about the client and
server. If you run ‘ssh’ with -vvv (or maybe it’s -v -v -v… or
either… I forget) you can see the authentication attempts being made
by the client. If you see a bunch before password then that’s the
issue. Six would surprise me, but the proof of the pudding is the
eating, as the saying goes.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQtsgmAAoJEF+XTK08PnB5Nc4P/jpseM4EG64d0Gs1AUzDO2WB
8KvOqaf7R9Nm3TNR8DLi7/8+v9/JiLGLFUThdb9uCdLcfKxsM0foYkUh55UGG/la
LLk1x/DLDskaCo254A9UL6kwR58S72oc868YgDYI+A2uZCb6lpek2RrwVB+krUug
fKnMCEdNcQd6oe9xM8UAz9PPjx1K57CT3hAlJI02GGCQGxN9LzdHHD3gY5N4MpE3
pTTC3DF3ZWC83BdZLBZaQwl0APfn84Kbxs312GqrkUIjsktfo4fD5wk2rMmRUJce
8SyuyIpBLthznT4nWIdvKD5dFkKSYN4nTUcfn9wMbZugQfY4axLdE0YHWaKDskM0
tbGK96YX98udu7u7cIJeaeSA9629N55YsJ4aSPaqymKrq8nzog+P895GcjcJaWXb
TSM1ttSz7PCcTPDTorcNGOMBGOoz/rUKZkBEsvf3hKvYswK0cxB3XaeynYf0RTZG
kSZhN4o4Mb/5wZsonNfcSn5K/63PlaoSjQy7RRYK1nqChPGYpa4/slH4ZuMrrMsZ
VQ1bG9wRpv6s94NWRTnbYsX6FO1mSNLpPpQg3NIiCYQVR+j9GVV9X0Y7dKbaJwVq
pPUhQH1tfmRZWxdx+Hb+RW46x5HsF+5iRTDegHHf76K5au0OT+dnAgnnAjuUB7HY
VSElJoBCNTiQ2Y0jIe4T
=FVf+
-----END PGP SIGNATURE-----

On 2012-11-29 03:27, ab wrote:

>> Putty also works now. Next I have to try from Windows, I also had
>> problems in the past.
>
> Platforms shouldn’t matter at all; this is purely about the client
> and server. If you run ‘ssh’ with -vvv (or maybe it’s -v -v -v…
> or either… I forget) you can see the authentication attempts
> being made by the client. If you see a bunch before password then
> that’s the issue. Six would surprise me, but the proof of the
> pudding is the eating, as the saying goes.

It is not putty which fails, it is winscp, ie ssh file transfer, I had
forgotten. It authenticates, but it stalls at “reading directory” and
complains that


> Host is not communicating for more than 15 seconds. Still
> waiting... Note. If the problem repeats, try turning off "optimize
> connection buffer size" Warning: aborting this operation will close
> connection

I tried that suggerence time ago without results.

On the Linux side, I see this in the log - and no network or disk
activity when it should be reading the directory, which is large.


> <4.6> 2012-11-29 21:32:48 Telcontar sshd 18362 - -  Accepted
> keyboard-interactive/pam for cer from 192.168.1.33 port 49386 ssh2
> <4.6> 2012-11-29 21:32:48 Telcontar sshd 18366 - -  subsystem
> request for sftp by user cer

It is version 5.0.7, I’m downloading version 5.1.1 to try.

…]

It wants to reboot… how typical. I wonder what other rubbish it will
have installed that requires a reboot :frowning:

(I can not reboot now because Windows is at the time, slowly, updating
itself)

Trying before rebooting has the same problem.

…]

Same thing after the reboot, winscp does not work towards my Linux
machine.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)