Opened 12 years ago
Last modified 3 years ago
#7739 reopened Feature request
cannot connect to sftp server - "Too many authentication failures for user"
| Reported by: | John | Owned by: | |
|---|---|---|---|
| Priority: | high | Component: | FileZilla Client |
| Keywords: | sftp, too-many-authentication-failures | Cc: | |
| Component version: | Operating system type: | Linux | |
| Operating system version: | Arch Linux x86_64 |
Description (last modified by )
Filezilla 3.5.1 cannot connect to sftp servers with either key based or password based methods. Logs with debuging/verbose=3 attached.
I have verified that this is not a function of my system by repeating on an independent box with the same results. As well, I am pretty sure that nothing is wrong with the server because I used "sftp -P 34451 facade@mars" from a shell and connect just fine. As well, using gftp, I am able to connect. The Host OS is Archlinux x86_64 which is up-to-date (Arch is a rolling release).
Attachments (2)
Change History (12)
by , 12 years ago
| Attachment: | key_based.log added |
|---|
comment:1 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
I got it! Turns out that ~/.ssh/config was messing up FileZilla. I dunno why all of a sudden because I have been using my system with this config file for years. This file is formated like this:
Host github.com User facade IdentityFile /home/facade/.ssh/id_rsa_github_dot_com Host mars User facade IdentityFile /home/facade/.ssh/id_rsa_mars Host phobos User facade IdentityFile /home/facade/.ssh/id_rsa_phobos Host deimos User facade IdentityFile /home/facade/.ssh/id_rsa_deimos
I read on the github wiki that one needs this file when dealing with multiple keys. Anyway, if I move ~/.ssh/config out of ~/.ssh, FileZilla works again. Apparently the github wiki is incorrect. I checked, and I am able to push to github without this file. Further, I am able to connect to all my hosts without this file. Problem solved - sorry for the false alarm.
comment:2 by , 12 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Wait... this is NOT resolved. After a reboot I am back to the same behavior even omitting the ~/.ssh/config file!
comment:3 by , 12 years ago
I think the problem is that filezilla only tries 3 keys but I have 5 in my ~/.ssh.
Trace: Trying Pageant key #0 Trace: Server refused public key Trace: Trying Pageant key #1 Trace: Server refused public key Trace: Trying Pageant key #2 Trace: Received disconnect message (protocol error) Trace: Disconnection message text: Too many authentication failures for facade Trace: Server sent disconnect message Trace: type 2 (protocol error): Trace: "Too many authentication failures for facade" Error: Server sent disconnect message Error: type 2 (protocol error): Error: "Too many authentication failures for facade" Trace: CSftpControlSocket::ResetOperation(66) Trace: CControlSocket::ResetOperation(66) Error: Could not connect to server Status: Waiting to retry...
If I move all but the one that I need to another dir, filezilla connects as expected.
comment:4 by , 12 years ago
| Type: | Bug report → Feature request |
|---|
I think having filezilla read ~/.ssh/config to know which key to use would be needed here. Why just try all keys?
comment:5 by , 11 years ago
+1 for having Filezilla parse ~/.ssh/config rather than just trying all the keys. The current behaviour breaks the convention of every other ssh-based connection and led me to believe I'd configured Filezilla wrong for weeks.
For now, a decent work around for people not wanting to kill their ssh agent, this works for me:
$ SSH_AUTH_SOCK=""; filezilla
Obviously this only disables the use of the agent, rather than teaching Filezilla how to work with it, but it gets the job done.
comment:6 by , 10 years ago
| Priority: | critical → high |
|---|---|
| Resolution: | → duplicate |
| Status: | reopened → closed |
This is a duplicate of #5480.
comment:7 by , 8 years ago
| Description: | modified (diff) |
|---|---|
| Keywords: | too-many-authentication-failures added |
follow-up: 9 comment:8 by , 5 years ago
| Resolution: | duplicate |
|---|---|
| Status: | closed → reopened |
Please let me to disagree. I have more than 100 keys, do you think it's OK to bombard every single server I connect to with hundreds of keys when every single one of them are going to fail?
It is inconvenient, it is also a privacy issue: I don't want FileZilla to send every public key I own to anywhere I connect to (that's why I use "IdentitiesOnly yes" in SSH config, and create a separate keypair for every server I access, or sometimes just use a password w/o a key).
This IS a bug, at least please leave the issue open so some interested people who can code can see it and maybe solve the issue.
Thank you.
comment:9 by , 4 years ago
100% agree with this.
AG3
Replying to klam0:
Please let me to disagree. I have more than 100 keys, do you think it's OK to bombard every single server I connect to with hundreds of keys when every single one of them are going to fail?
It is inconvenient, it is also a privacy issue: I don't want FileZilla to send every public key I own to anywhere I connect to (that's why I use "IdentitiesOnly yes" in SSH config, and create a separate keypair for every server I access, or sometimes just use a password w/o a key).
This IS a bug, at least please leave the issue open so some interested people who can code can see it and maybe solve the issue.
Thank you.
Edit: I meant to reopen #8232 but wrote the text in a wrong tab, sorry.
comment:10 by , 3 years ago
I use "IdentitiesOnly yes" in SSH config, and create a separate keypair for every server I access.
Is there an easy way to tell filezilla to read my .ssh/config to figure out which key to use?
key-based log