Cyberduck Mountain Duck CLI

#11615 closed enhancement (fixed)

Too many authentication failures with many keys available in ssh-agent

Reported by: hegish Owned by: dkocher
Priority: normal Milestone: 7.9.0
Component: sftp Version: 7.8.3
Severity: normal Keywords:
Cc: Architecture:
Platform: macOS 10.14


Dear Cyberduck team, with v7.8.3 I get "too many authentication failures" for a login. v7.7.2 works fine, as does the ssh login via terminal. The login is configured in the ssh config file and uses a ssh key based login via ssh-agent. In the ssh config I have to set 'IdentitiesOnly yes', otherwise the server usually rejects a login as there are many keys in my ssh agent. Is it possible Cyberduck tries all the keys from the ssh-agent which then leads to the "too many authentication failures" at some point?

many TIA

Change History (6)

comment:1 Changed on Mar 24, 2021 at 4:27:34 PM by dkocher

  • Component changed from core to sftp
  • Owner set to dkocher
  • Summary changed from SFTP too many authentication failures to Too many authentication failures with many keys available in ssh-agent

I can confirm this is probably the cause as we try agent based authentication first.

comment:2 Changed on Mar 24, 2021 at 4:27:52 PM by dkocher

IdentitiesOnly Specifies that ssh(1) should only use the authentication identity files configured in the ssh_config files, even if ssh-agent(1) offers more identities. The argument to this keyword must be yes or no. This option is intended for situations where ssh-agent offers many different identities. The default is no.

comment:3 Changed on Mar 24, 2021 at 4:30:24 PM by dkocher

  • Type changed from defect to enhancement

Relates to #9964.

comment:4 Changed on Mar 24, 2021 at 4:32:38 PM by dkocher

  • Milestone set to 8.0
  • Status changed from new to assigned

We will see if we can add support for the IdentitiesOnly directive from the OpenSSH configuration.

comment:5 Changed on May 4, 2021 at 11:17:55 AM by dkocher

Could you please share your OpenSSH configuration for reference.

comment:6 Changed on May 5, 2021 at 11:38:55 AM by dkocher

  • Milestone changed from 8.0 to 7.9.0
  • Resolution set to fixed
  • Status changed from assigned to closed

In r51231.

Note: See TracTickets for help on using tickets.