ssh: Received disconnect from xx.yy.zz.aa: 2: Too many authentication failures for XXXX
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNOME Keyring |
Confirmed
|
Medium
|
|||
gnome-keyring (Ubuntu) |
Triaged
|
High
|
Unassigned |
Bug Description
When trying to connect using ssh, I get this error:
Received disconnect from xx.yy.zz.aa: 2: Too
many authentication failures for XXXX
It appears that for some reason Lubuntu's agent somehow arbitrarily
pulls in some keys and, despite not being asked to, tries to use them
for authentication and won't let me try the password.
If I list the keys in the agent (ssh-add -L) then it lists a bunch of public
keys, none of which I put there, none of which should be there. If
anything there should be private keys in the agent. If I remove the
keys (ssh-add -D) then they are still there when I check again.
Looking at the output for the server, it looks like it keeps trying keys
until the max limit for failed logins is reached.
The problem can be made to go away by uninstalling gnome-keyring and rebooting or by clearing ~/.ssh/ of keys.
The problem can be created by adding 6 or more keys to ~/.ssh/ and then trying to connect with ssh, say to localhost.
cd ~/.ssh/
ssh 127.0.0.1
ssh-keygen -P '' -f test_key_1
ssh-keygen -P '' -f test_key_2
ssh-keygen -P '' -f test_key_3
ssh-keygen -P '' -f test_key_4
ssh-keygen -P '' -f test_key_5
ssh 127.0.0.1
ssh-keygen -P '' -f test_key_6
ssh 127.0.0.1
rm test_key_6
ssh 127.0.0.1
I'm not sure if this is a security vulnerability.
ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: gnome-keyring 3.8.2-0ubuntu3
ProcVersionSign
Uname: Linux 3.9.0-7-generic x86_64
ApportVersion: 2.10.2-0ubuntu2
Architecture: amd64
Date: Sat Jun 29 00:52:05 2013
InstallationDate: Installed on 2013-06-21 (7 days ago)
InstallationMedia: Lubuntu 13.10 "Saucy Salamander" - Alpha amd64+mac (20130620)
MarkForUpload: True
SourcePackage: gnome-keyring
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in gnome-keyring (Ubuntu): | |
importance: | Undecided → High |
Changed in gnome-keyring (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in gnome-keyring: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
This seems to be partially fixed in Saucy now. Identities are not getting automatically added to the agent. However, if six keys are added to the agent manually, it then still is impossible to authenticate using a seventh key either added to the agent or pointed to manually.