Too many authentication failures due to too many ID files present on password authentication

rovo
500 Command not understood
Posts: 2
Joined: 2019-02-07 12:11
First name: Roman

#1 Post by rovo » 2019-02-07 12:32

Hi,

On my development machine I have a couple of ID files provided by my employer and projects I work on. I have to connect to an SFTP server that supports both certificate based and password based authentication. The problem is now that, even though I configured a server connection using password authentication, FileZilla probes each of my identity files first and thus exceeds the number of authentication requests permitted by the server.

As far as I understood the SSH/SFTP protocol, the server just provides the supported authentication mechanisms to the client and the client chooses the method that is most suitable. From the logs I see that FileZilla on my macOS Mojave uses Pageant for probing each of my identity files against the server. While I understand that probing each of the identity files first is probably the most convenient option for most users, on explicitly selecting password as connection type I'd expect that the specified password should be attempted first.

13:22:10 Trace: We claim version: SSH-2.0-FileZilla_3.40.0
13:22:10 Trace: Server version: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6
13:22:10 Trace: Using SSH protocol version 2
13:22:10 Trace: Doing ECDH key exchange with curve Curve25519 and hash SHA-256
13:22:10 Trace: Host key fingerprint is:
13:22:10 Trace: ssh-rsa 2048 97:78:da:4f:8a:f1:50:c6:ef:7a:b7:f8:25:28:01:31 3QI8TlNcqsaLhCKnaULxQCRh+RZ+lEaXg4xllXr89nY=
13:22:10 Trace: Initialised AES-256 GCM client->server encryption
13:22:10 Trace: Initialised AES256 GCM client->server MAC algorithm (in ETM mode) (required by cipher)
13:22:10 Trace: Initialised AES-256 GCM server->client encryption
13:22:10 Trace: Initialised AES256 GCM server->client MAC algorithm (in ETM mode) (required by cipher)
13:22:10 Trace: Pageant is running. Requesting keys.
13:22:10 Trace: Pageant has 8 SSH-2 keys
13:22:10 Trace: Trying Pageant key #0
13:22:10 Trace: Server refused our key
13:22:10 Trace: Trying Pageant key #1
13:22:10 Trace: Server refused our key
13:22:10 Trace: Trying Pageant key #2
13:22:10 Trace: Server refused our key
13:22:10 Trace: Trying Pageant key #3
13:22:10 Trace: Server refused our key
13:22:10 Trace: Trying Pageant key #4
13:22:10 Trace: Server refused our key
13:22:10 Trace: Trying Pageant key #5
13:22:10 Trace: Received disconnect message (protocol error)
13:22:10 Trace: Disconnection message text: Too many authentication failures
13:22:10 Trace: Server sent disconnect message
13:22:10 Trace: type 2 (protocol error):
13:22:10 Trace: "Too many authentication failures"

How can I avoid probing each identity file for that particular server in my FileZilla client or at least prefer password authentication to the identity files if specified as such?
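
An added example, not part of the original posts and not FileZilla code: a small Python parser for the kind of trace posted in #1 that counts how many agent keys were offered before the server disconnected. The sample lines are reconstructed from that trace; `analyse_trace` and its result keys are names chosen here.

```python
import re

# Constructed sample: the authentication lines of the trace from post #1.
TS = "13:22:10 Trace: "
SAMPLE_TRACE = "\n".join(
    [TS + "Pageant is running. Requesting keys.", TS + "Pageant has 8 SSH-2 keys"]
    + [TS + f"Trying Pageant key #{i}\n" + TS + "Server refused our key"
       for i in range(5)]
    + [TS + "Trying Pageant key #5",
       TS + "Disconnection message text: Too many authentication failures"]
)


def analyse_trace(trace):
    """Count agent key offers and report whether they used up the server's limit."""
    held = offered = refused = 0
    lockout = False
    for line in trace.splitlines():
        # Drop the "HH:MM:SS Trace: " prefix and look only at the message.
        msg = line.split("Trace: ", 1)[-1].strip()
        if m := re.fullmatch(r"Pageant has (\d+) SSH-2 keys", msg):
            held = int(m.group(1))
        elif re.fullmatch(r"Trying Pageant key #\d+", msg):
            offered += 1
        elif msg == "Server refused our key":
            refused += 1
        elif "Too many authentication failures" in msg:
            lockout = True
            break  # the connection is gone; nothing after this is an attempt
    return {
        "agent_keys": held,
        "keys_offered": offered,
        "keys_refused": refused,
        "lockout": lockout,
        # One offer still unanswered when the disconnect arrived means the
        # server dropped the connection in reply to a key offer, so no other
        # authentication method was reached on this connection.
        "lockout_during_key_phase": lockout and offered == refused + 1,
        "keys_never_offered": max(held - offered, 0),
    }


if __name__ == "__main__":
    for name, value in analyse_trace(SAMPLE_TRACE).items():
        print(f"{name}: {value}")
```

On the posted trace this reports 6 of 8 agent keys offered, with the disconnect arriving in reply to the sixth offer. OpenSSH's sshd limits authentication attempts per connection with `MaxAuthTries`, whose default is 6.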

botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Too many authentication failures due to too many ID files present on password authentication

#2 Post by botg » 2019-02-07 13:49

> I have to connect to an SFTP server that supports both certificate based and password based authentication.

SFTP does not use certificates. Do you mean public key authentication?

In general one user shouldn't have more than a single key; having multiple keys just adds needless complexity.

> On my development machine I have a couple of ID files provided by my employer and projects I work on.

That's the wrong way around. You are supposed to generate the key pair on your machine and then give the public part to the server administrator to allow access to you as the only one knowing the private key.

#3 Post by rovo » 2019-02-07 14:25

Yes, I meant public key authentication. Sorry for messing this up.

Regarding only having a single key: While I admit that this SHOULD be the case, the reality is that some employers don't respect such rules and issue their own identity files for their users. Some even for each environment. This is unfortunately the situation I'm currently in and I'm also not in the position to change that easily.

So, how should I proceed?

#4 Post by botg » 2019-02-07 14:45

In this case I recommend not having all the keys loaded in your SSH agent but to set up each site entry to use the specific key it needs individually.
