Too Many Authentication Failures

If you make several consecutive attempts to log in to a host using, for example, an incorrect password, you may see the following error message:

		
Received disconnect from 203.0.113.12 port 22: 2: Too many authentication failures
Disconnected from 203.0.113.12 port 22

This message indicates that the allowable number of authentication attempts, as specified by the host's settings, has been exceeded. The limitation on authentication attempts is necessary to prevent brute-force attacks by malicious actors attempting to guess passwords or keys.

You can reach the limit if you use an overly complex password that is difficult to enter correctly, if you use incorrect credentials, or if you use an ssh-agent with many keys. In the last case the keys are tried sequentially each time you attempt to connect to the host, and each rejected key uses up one of the available authentication attempts.

Possible Solutions:

Specifying the Path to the Key When Connecting to the Host

If you connect to the host with commands such as ssh, scp or sftp without specifying a particular key, the client offers every key held by ssh-agent. This can exhaust the authentication attempts if many keys are stored in ssh-agent.

To avoid cycling through keys, specify the path to the particular private key:

		
ssh -i <path_to_private_key> <username>@<ip_address> [-p <port>]

where:

  • <path_to_private_key> - The path to the private key of the key pair. Instructions for creating a key pair can be found in the “Creating Key Pair” section. By default, key pairs are created in the following directories:
    - Linux: /home/<username>/.ssh/;
    - Windows: C:\Users\<username>\.ssh\;
    - macOS: /Users/<username>/.ssh/.

  • <username> - The username you used when creating a new user on the server. The process of creating a new user is described in the “Creating New User” section. You can also use the root user for connection, whose password is specified in the Password field of the “Instance Details” section of the Peerobyte virtual machine or server control panel.

  • <ip_address> - The IP address of the virtual machine or server, as specified in the Main IP Address field of the “Public Network IPv4” section of the Peerobyte virtual machine or server control panel.

  • [-p <port>] - The port number for the SSH connection. This parameter is optional and only applies if the default port for SSH connections has been changed in the server settings.

For example:

		
ssh -i d:/test/mykey2 <username>@<ip_address> -p 64743

The downside of this method is that it increases the length of commands, making them less convenient, and requires constant access to the key on the client device, which might not always be safe.

On Linux-based systems, you can enhance the security of the private key by setting read and write permissions only for the owner of the file:

		
chmod 600 <path_to_private_key>

where:

  • <path_to_private_key> - The path to the private key of the key pair. Instructions for creating a key pair can be found in the “Creating Key Pair” section. By default, key pairs are created in the following directories:
    - On Linux: /home/<username>/.ssh/;
    - On Windows: C:\Users\<username>\.ssh\;
    - On macOS: /Users/<username>/.ssh/.

For example:

		
chmod 600 d:/test/mykey2
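
The checks described above, as an added example that is not part of the original article: shell helpers that count the keys ssh-agent holds, verify that a private key file is owner-only, and print a connect command for a single key. The OpenSSH MaxAuthTries default of 6, the IdentitiesOnly=yes option (which keeps ssh from offering the agent's keys alongside the one given with -i) and the sample listing are assumptions added here, not taken from the article.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before connecting with an explicit key.

# Assumption: the server uses OpenSSH's default MaxAuthTries of 6.
MAX_AUTH_TRIES="${MAX_AUTH_TRIES:-6}"

# Constructed `ssh-add -l` listing (fingerprints and comments are made up).
SAMPLE_AGENT_LISTING='256 SHA256:constructedFingerprint01 work-laptop (ED25519)
256 SHA256:constructedFingerprint02 git-hosting (ED25519)
3072 SHA256:constructedFingerprint03 old-vps (RSA)
256 SHA256:constructedFingerprint04 ci-deploy (ED25519)
4096 SHA256:constructedFingerprint05 backup-box (RSA)
256 SHA256:constructedFingerprint06 staging (ECDSA)
256 SHA256:constructedFingerprint07 lab-vm (ED25519)'

# Count identities in `ssh-add -l` output read from stdin. Key lines start
# with "<bits> <hash>:<fingerprint>"; "The agent has no identities." counts 0.
count_agent_keys() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^(SHA256|MD5):/ { n++ } END { print n + 0 }'
}

# True when the agent holds at least MAX_AUTH_TRIES keys: if none of the
# first ones is accepted, the server disconnects before the right key or a
# password prompt is reached.
agent_may_exhaust_attempts() {   # usage: agent_may_exhaust_attempts <count>
    [ "$1" -ge "$MAX_AUTH_TRIES" ]
}

# True when only the owner can access the key file (mode 600 or 400).
key_mode_ok() {                  # usage: key_mode_ok <path_to_private_key>
    _mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$_mode" = "600" ] || [ "$_mode" = "400" ]
}

# Print the connect command. -i names the key; IdentitiesOnly=yes keeps ssh
# from also offering the keys held by ssh-agent.
ssh_command() {                  # usage: ssh_command <key> <user@host> [port]
    printf 'ssh -o IdentitiesOnly=yes -i %s %s' "$1" "$2"
    if [ -n "${3:-}" ]; then printf ' -p %s' "$3"; fi
    printf '\n'
}

# Live use: ssh-add -l 2>/dev/null | count_agent_keys
```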