I have several ssh keys in the ~/.ssh directory of my desktop machine. As a result whenever I try to connect to a system which uses password authentication I get the "Too many authentication failures" error. Yes, I know I can get round this by setting PreferredAuthentications but this is rather a nuisance to have to do individually for all systems that use password authentication. It also means that I have to do it for a 'casual' ssh access to a system which I'm unlikely to access more than once. Is there any way around this problem? -- Chris Green
On Sat, Aug 10, 2024 at 03:13:19PM +0100, Chris Green wrote:> I have several ssh keys in the ~/.ssh directory of my desktop machine. > As a result whenever I try to connect to a system which uses password > authentication I get the "Too many authentication failures" error. > > Yes, I know I can get round this by setting PreferredAuthentications > but this is rather a nuisance to have to do individually for all > systems that use password authentication. It also means that I have > to do it for a 'casual' ssh access to a system which I'm unlikely to > access more than once. > > Is there any way around this problem? >A little further clarification, I think this is because all the keys get loaded into ssh-agent when my system boots (xubuntu GUI). Thus 'ssh-add -L' lists six keys, and it's this that causes the "Too many authentication failures" error. -- Chris Green
rsbecker at nexbridge.com
2024-Aug-10 14:34 UTC
'Too many authentication failures' nuisance
On Saturday, August 10, 2024 10:13 AM, Chris Green wrote:>I have several ssh keys in the ~/.ssh directory of my desktop machine. >As a result whenever I try to connect to a system which uses password >authentication I get the "Too many authentication failures" error. > >Yes, I know I can get round this by setting PreferredAuthentications butthis is>rather a nuisance to have to do individually for all systems that usepassword>authentication. It also means that I have to do it for a 'casual' sshaccess to a system>which I'm unlikely to access more than once. > >Is there any way around this problem?Have you looked into ~/.ssh/config? You can set per-host identify files for your keys. There is a Match attribute you may be able to use for patterns matching your causal use without having to specify individual hosts for other authentication methods.
On 8/10/24 17:13, Chris Green wrote:> I have several ssh keys in the ~/.ssh directory of my desktop machine. > As a result whenever I try to connect to a system which uses password > authentication I get the "Too many authentication failures" error. > > Yes, I know I can get round this by setting PreferredAuthentications > but this is rather a nuisance to have to do individually for all > systems that use password authentication. It also means that I have > to do it for a 'casual' ssh access to a system which I'm unlikely to > access more than once. > > Is there any way around this problem?You can set IdentitiesOnly to apply to all hosts using ssh_config(5) Or you can be trickier in the configuration, but it is the IdentitiesOnly option which you need set to 'yes'. Put it and any other general rules at the end of the config file because the configration operates on a first-match basis. /Lars