Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Too many authentication failures with many keys available in ssh-agent #11615

Closed
cyberduck opened this issue Mar 18, 2021 · 7 comments
Closed
Assignees
Labels
enhancement fixed sftp SFTP Protocol Implementation
Milestone

Comments

@cyberduck
Copy link
Collaborator

f21dfa2 created the issue

Dear Cyberduck team,
with v7.8.3 I get "too many authentication failures" for a login. v7.7.2 works fine, as does the ssh login via terminal.
The login is configured in the ssh config file and uses a ssh key based login via ssh-agent.
In the ssh config I have to set 'IdentitiesOnly yes', otherwise the server usually rejects a login as there are many keys in my ssh agent.
Is it possible Cyberduck tries all the keys from the ssh-agent which then leads to the "too many authentication failures" at some point?

many TIA

@cyberduck
Copy link
Collaborator Author

@dkocher commented

I can confirm this is probably the cause as we try agent based authentication first.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

IdentitiesOnly
Specifies that ssh(1) should only use the authentication identity files configured in the ssh_config files, even if ssh-agent(1) offers more identities. The argument to this keyword must be yes or no. This option is intended for situations where ssh-agent offers many different identities. The default is no.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Relates to #9964.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

We will see if we can add support for the IdentitiesOnly directive from the OpenSSH configuration.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Could you please share your OpenSSH configuration for reference.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

In 6120054.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 27, 2021
@dkocher
Copy link
Contributor

dkocher commented Jan 16, 2023

Follow up in #13947 with the option read IdentityFile configuration directive to limit authentication attempts using agent.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement fixed sftp SFTP Protocol Implementation
Projects
None yet
Development

No branches or pull requests

2 participants