Client fails to connect: too many identiies: IdentitiesOnly not available?

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
RiRL
500 Command not understood
Posts: 1
Joined: 2019-07-16 20:47
First name: Rick
Last name: Landon

Client fails to connect: too many identiies: IdentitiesOnly not available?

#1 Post by RiRL » 2019-07-16 21:01

Is there a setting that tells the client to use (or ignore) identities?
There appears to be no way to configure the filezilla client and it simply does not honor the ~/.ssh/config (see below)

For some SSH servers (like the default ones in AWS), the daemon is built to allow only a certain number of attempts before rejecting the request (whether by key or password).
(In AWS its 6 the default for Open SSH). If you have more than the number of keys in the ~/.ssh directory, the login to such servers will always fail.

On the SSH command line, giving the IdentityOnly=yes setting(https://superuser.com/questions/268776/how-do-i-configure-ssh-so-it-dosent-try-all-the-identity-files-automatically) tries only the specific identity file given.
Alternatively, in the SSH configuration (~/.ssh/config) the follow also works:

Host *
IdentitiesOnly yes

In https://remmina.org/ using password authentication and a no identity file also works (if a key is used: the ~/.ssh/config setting is honored).
There appears to be no way to configure the filezilla client and filezilla simply does not honor the ~/.ssh/config settings

User avatar
botg
Site Admin
Posts: 32916
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Client fails to connect: too many identiies: IdentitiesOnly not available?

#2 Post by botg » 2019-07-17 08:12

Why even have more than one key? It doesn't increase security.

In addition to the keys configured in FileZIlla itself, FileZilla uses the keys presented to it by your system's SSH agent. It does not look into ~/.ssh/ which is a private configuration directory for OpenSSH.

JasonLABS
500 Command not understood
Posts: 1
Joined: 2020-05-14 19:38
Contact:

Re: Client fails to connect: too many identiies: IdentitiesOnly not available?

#3 Post by JasonLABS » 2020-05-15 02:06

RiRL wrote:
2019-07-16 21:01
Is there a setting that tells the client to use (or ignore) identities?
There appears to be no way to configure the filezilla client and it simply does not honor the ~/.ssh/config (see below)
According to this post, there is no way currently to stop Filezilla from trying all available keys before resorting to the username and password.
I spent time fiddling with it and have a work around that helped me. It may not be the recommended way to do this, but it did fit my use-case.

I found that I like using Filezilla for the convenience, but I also found that I need to use the command line sometimes too.
Also, for "reasons/use-cases" I have different keys for different servers.

I'm running Linux Ubuntu 18.04 and using the command line for SSH and SFTP as well as running Filezilla 3.28.0

Within my .ssh folder, I moved all of my keys into a sub-folder called "keys" and I left the file "config" and "known_hosts" as they were.

I found that Filezilla does not currently search sub-folders for keys. This prevents running into the "Too many identities" error, but you still have access to the keys when you need them.
If you need Filezilla to use a key, you should be able to specify the key in the settings and locate it in the "keys/" sub-folder.

My file structure looks like this:

.ssh/
  • keys/
    • id1_rsa
    • id1_rsa.pub
    • id2_rsa
    • id2_rsa.pub
  • config
  • known_hosts
For times that I want to use ssh or sftp from the terminal, I specifically located the keys in the "config" file.
This is what my config file looks like (These are obviously not real ip addresses... or I don't think they are):

Code: Select all

Host 111.111.111.111
        IdentityFile ~/.ssh/keys/id1_rsa
        
Host 222.222.222.222
        IdentityFile ~/.ssh/keys/id2_rsa
        
Host *
        IdentitiesOnly yes
In Linux using the "~" tells the program to start from the home directory. You will want to use the path for your ".ssh/" directory.

Also, using the "IdentitiesOnly yes" setting tells ssh to only use a specific keyfile instead of cycling through all of your keys.

This lets you use the terminal for ssh and the config file will locate the appropriate key:

Code: Select all

ssh username@111.111.111.111
If you are using the command line for ssh or sftp without a "config" file, the command would look like this:

Code: Select all

ssh -i ~/.ssh/keys/id1_rsa username@111.111.111.111
The "-i" flag indicates you are choosing a specific key and the part after the flag is the path/to/keys/id1_rsa

You can find further reading in the ssh manpages or in this helpful article I found useful.

Post Reply