Home / server / Questions / 36291
Accepted
user11722
Asked: 2009-07-07 03:56:55 +0800 CST

How to recover from "Too many Authentication Failures for user root"

  • 772

I've done several attempts to establish SSH-connecton for user root@host using putty terminal. While doing so I specified wrong credentials several times and after that I've specified them correctly, and then after the credentials were accepted the ssh session breaks with

"Server unexpectedly closed network connection".

This error is reported by putty terminal. When trying to ssh root@localhost from the local console - it works fine. It also works fine when I ssh otheruser@host from other host. So network connectivity issues are not guilty. The only error I am thinking of is: "Too many Authentication Failures for user root" although putty reported a different error.

The question is: how to recover from this error condition and let putty login again? Restarting sshd seems to not help

ssh putty

22 Answers

  1. "Too many Authentication Failures for user root" means that Your SSH server's MaxAuthTries limit was exceeded. It happens so that Your client is trying to authenticate with all possible keys stored in /home/USER/.ssh/ .

    This situation can be solved by these ways:

    1. ssh -i /path/to/id_rsa root@host
    2. Specify Host/IdentityFile pair in /home/USER/.ssh/config

    A single host in the config file should look something like this:

    Host example.com
  IdentityFile /home/USER/.ssh/id_rsa

    You can also set the user so you don't need to enter it on the command line and shorten long FQDN's too, see this example:

    host short
  IdentityFile /home/USER/.ssh/id_rsa
  User someuser
  HostName really-long-domain.example.com

    You then connect to the really-long-domain.example.com server with:

    ssh short

    Note: if you choose to use only the second option, and try to use ssh example.com you will still get errors (if that;s what brought you here), the short version will not give the errors, you can also use both options so you can ssh [email protected] without the errors.

    1. Increase MaxAuthTries value on the SSH server in /etc/ssh/sshd_config (not recommended).
    • 163

  2. If you get the following SSH Error:

    $ Received disconnect from host: 2: Too many authentication failures for root

    This could happen if you have (default on my system) five or more DSA/RSA identity files stored in your .ssh directory. In this case if the -i option isn't specified at the command line the ssh client will first attempt to login using each identity (private key) and next prompt for password authentication. However, sshd drops the connection after five bad login attempts (again default may vary).

    So if you have a number of private keys in your .ssh directory you could disable Public Key Authentication at the command line using the -o optional argument.

    For example:

    $ ssh -o PubkeyAuthentication=no root@host
    • 146

  3. On the remote machine open /etc/sshd_config and change value

    MaxAuthTries 30

    This is typical problem when You have installed multiple keys or open multiple connections. Server checking step by step each key and if MaxAuthTries is setup on 3 then after first 3`rd tries will disconnect You. Typical ssh security.

    I suggest You to use verbose mode during connection to remote machine to analyze problem.

    ssh -v -p port_number user@servername

    Guessing like most poeple on this forum do is WRONG and its wasting of time. First try to analyze problem, collect informations and then ask.

    Have fun.

    • 23

  4. For me this problem was solved by creating the below ssh_config for the host I was connecting to.

    (~/.ssh/config)

    Host example
HostName example.com
User admin
IdentityFile ~/path/to/ssh_key_rsa
IdentitiesOnly=yes

    The problem occurred because I have way too many ssh keys in my ~/.ssh folder, like 16 or so. And without both of those IdentityFile AND IdentitiesOnly directives in the config, my machine was apparently trying all of the keys in ~/.ssh and reaching the max number of attempts before attempting the correct IdentityFile.

    • 23
  5. Best Answer

    Are you sure that root login to ssh is allowed?

    Check sshd_config and verify that root login is permitted. sshd will need to be restarted if the setting changes.

    • 12

  6. This is bad practice. Just have a regular user on the remote box and connect through ssh using it, then gain root access using su/sudo.

    • 12

  7. To temporarily address this issue until things can be fully addressed as noted elsewhere, you can reset a user's PAM tally so they can try again:

    pam_tally --reset --user <USERNAME>
pam_tally2 --reset --user <USERNAME>
    • 9

  8. I would recommend you, as Anon above posted, use another user to gain ssh access then use the su command to gain root access.

    Also make sure to enable PermitRootLogin in the /etc/ssh/sshd_config file on the server.

    • 6

  9. I also faced the same issue. This can easily happen if you are using Pageant and have a large number of keys loaded into it, since these servers count each offer of a public key as an authentication attempt.

    (This advice is taken from here.)

    • 6

  10. I fixed this problem in my systems by running following commands:

    eval $(ssh-agent)
ssh-add  ~/.ssh/keyname

    Then trying ssh in remote machine

    • 6