I was working with a new Linux distro and after creating a brand-new VM with a single login I attempted to ssh into the VM only to be greeted with:
Received disconnect from 10.0.0.180 port 22:2: Too many authentication failures Disconnected from 10.0.0.180 port 22
It was a new VM, and I hadn’t loaded an ssh key (there was no option to do so in the install). I’d set up a user and password, so I expected to get a password prompt. I didn’t get to a password prompt, just an immediate disconnect.
I used ssh -vvv to connect and found that my ssh client was attempting to use my ssh keys, as ssh is supposed to, and on the third key the VM spat back the error:
Received disconnect from 10.0.0.180 port 22:2: Too many authentication failures Disconnected from 10.0.0.180 port 22
Well, I wanted to connect with a password anyhow, so I tried:
ssh -o PubkeyAuthentication=no username@10.0.0.180
I was greeted with a password: prompt.
I checked the /etc/ssh/sshd_config and found that someone who’d built the install image had changed the default setting for MaxAuthTries from 6 to 2. Setting it back to the more reasonable default of 6 and reloading the sshd daemon fixed the issue. Apparently whoever tested the setup only has one ssh key and wasn’t aware of what changing the MaxAuthTries setting does.
If you’re concerned about ssh security sshd_config allows you to control what versions of the ssh protocol are supported, which ciphers you trust (or don’t trust), and to tune other settings that lock down what you will or won’t allow ssh to do in your environment. It may be that for some applications in some environments setting MaxAuthTries 2 makes sense, but using it for an out of the box installation just breaks ssh for no good reason.
Hope you find this useful.
Follow earlruby