Ubuntu SSH Client: Too Many Authentication Attempts

I’ve been using a “config” file located at ~/.ssh/config to list out the identities of the various SSH hosts that I connect to on a regular basis. It was successfully preventing me from having to keep track of the usernames for the various accounts I was connecting to on the servers, but when I got to a certain number of entries in the file, I started getting this error:

Received disconnect from *HOST*: 2: Too many authentication failures for *USERNAME*

I Googled around and tried various solutions, including using ssh-add and had limited success, but running an ssh -v hostentry command for a given connection (the -v puts the command in verbose mode) allowed me to see that my machine was still offering up multiple keys.

This seems counter-intuitive to me. The whole point of using the config file is to tell it which key to use, right? Why should I even need to add the identity to the SSH agent? And I wasn’t about to increase the number of retries on the servers. That seems like a recipe for disaster. I should only need one try because I have the right key sitting here!

I finally ran the right Google search and discovered this SuperUser (StackOverflow) question, which had the missing component I needed in one of its answers.

The critical element in the config file that forces the SSH client to use only the key specified is this line:

    IdentitiesOnly yes

Adding that to each of the entries in the config file (immediately below the “IdentifyFile” declaration) did the trick.

So now a typical entry in my config file looks something like this:

Host myshortcut
  HostName somedomain.com
  user someuser
  IdentityFile ~/.ssh/somekey_rsa
  IdentitiesOnly yes

I hope this helps someone!

Leave a Reply