LinuxQuestions.org


dlugasx 10-29-2009 09:23 AM

Too many authentication failures for user - ssh problem
 
Quote:

Received disconnect from xx.xxx.xx.xx: 2: Too many authentication failures for user
Does anybody know what I should do with that command?

How can I reset the failures number on the server?


I have tried with faillog... doesn't work.


hellpp...

alpha01 10-29-2009 06:01 PM

Not sure what you mean by "I have tried with faillog... doesn't work." But you can try blocking that IP.

iptables -A INPUT -s XX.XX.XX.2 -j DROP
iptables -A OUTPUT -d xx.xx.xx.2 -j DROP

edenCC 10-29-2009 11:01 PM

In my experience, using a non-standard SSH port is the easiest way to get rid of such noise...

Alternative ways can be used to block these bad eggs directly, e.g. fail2ban

qneill 08-03-2011 10:34 PM

Maybe OP was reporting a client side problem?
 
I think both replies assumed OP was trying to block activity on the server.

But I found this thread when I was debugging a ~/.ssh/config glitch which caused the wrong key to be used. Since PasswordAuthentication was disabled on the server, I saw "Too many authentication failures".

To the OP if you're still out there, re: to the thread if you want help debugging a client side connection.

dmelo87 08-04-2011 12:03 PM

I agree with the other guys, there are a few measures you might wanna take in order to increase security:
  • Put ssh on a non-standard port
  • ban the IPs that were causing trouble with iptables
  • define in the ssh config the set of users that can log in with ssh (it's good to exclude users like postgres that are created by default when you install systems)
  • disable root login


---------- Post added 08-04-11 at 12:04 PM ----------

Btw... there is a set of ssh tricks on this post also... http://diogomelo.net/blog/09/ssh-tricks
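
Added example, not part of the thread or written by any poster: a small shell audit that checks sshd_config text for three of the measures listed in the post above (non-standard port, a user allow-list, root login disabled). The function names, the finding labels and both sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit sshd_config text for three of the measures listed above.
# Keywords are case-insensitive; only the global section (before the first
# "Match" line) is read, because settings under Match apply conditionally.
# Assumes "Keyword value" lines separated by whitespace.

# global_values KEYWORD < config : print every global value of KEYWORD
global_values() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        tolower($1) == "match" { exit }     # conditional blocks start here
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }'
}

# audit_sshd_config < config : one finding per line, nothing if all pass
audit_sshd_config() {
    cfg=$(cat)
    ports=$(printf '%s\n' "$cfg" | global_values Port)
    # sshd uses the first PermitRootLogin it reads; later ones are ignored.
    root=$(printf '%s\n' "$cfg" | global_values PermitRootLogin | head -n 1)
    users=$(printf '%s\n' "$cfg" | global_values AllowUsers)
    # Port may be given several times; with no Port line sshd listens on 22.
    if printf '%s\n' "${ports:-22}" | grep -qx 22; then
        echo "PORT: sshd listens on the standard port 22"
    fi
    if [ "$root" != "no" ]; then
        echo "ROOT: PermitRootLogin is '${root:-unset}', expected 'no'"
    fi
    if [ -z "$users" ]; then
        echo "USERS: no global AllowUsers list restricts who may log in"
    fi
    return 0
}

# Constructed sample inputs (not from the thread).
WEAK_CFG='# constructed sample
PermitRootLogin yes
permitrootlogin no
Match User backup
    AllowUsers backup'
HARDENED_CFG='Port 2222
PermitRootLogin no
AllowUsers alice bob'

echo "weak:";     printf '%s\n' "$WEAK_CFG"     | audit_sshd_config
echo "hardened:"; printf '%s\n' "$HARDENED_CFG" | audit_sshd_config
```

The weak sample yields all three findings: the second PermitRootLogin line is ignored because the first one wins, and the AllowUsers line under Match does not count as a global restriction.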


All times are GMT -5.