Posted over 11 years ago. Visible to the public.

How to fix "Too many authentic authentication failures" with SSH and/or Capistrano

You are getting when connecting via SSH or deploying with Capistrano (which uses SSH):

Copy
Too many authentication failures for username

This is caused by having too many SSH keys added to your keyring or ssh-agent. Your ssh-agent will throw all keys against a server until one matches. Most servers will deny access after 5 attempts.

This issue might come and go as the order of the active SSH keys in your ssh-agent changes.

Quick fix

Have less keys. Up to 5 keys are fine when the SSHD you're connecting to is using the default config.

Every fix that involves you keeping many keys will cause you pain.

Painful fix for SSH and Capistrano: Add keys manually

  • You will need to disable your gnome keyring daemon to regain control over your added keys.
  • Disable the gnome keyring daemon in your Settings -> Startup programs. You might need to uncheck the box and reopen the dialog twice for the change to stick.
  • Restart X.
  • Clear your list of active keys with "ssh-add -D". "ssh-add -l" should now be empty.
  • Now every morning you selectively add the keys you're going to use with ssh-add ~/.ssh/keyname.key.

Painful fix for SSH only: Have a very strict SSH config

You can tell your SSH client which keys to use for which host. Change your ~/.ssh/config file like this:

Copy
Host * IdentitiesOnly yes Host github.com github User your-user Hostname github.com RSAAuthentication yes Compression yes IdentityFile ~/.ssh/your-user.key

You will now be able to connect to github.com and any other host you list in the file, but you can now no longer connect to an unlisted host.

Also you will still be out of luck with Capistrano.

Painful fix for Capistrano only: Monkey patch your deploy.rb

Net::SSH isn't very smart about using your ssh-agent. Basically whenever it sees a running ssh-agent it tries to connect with all added keys. Also it ignores your SSH-config and any settings like ssh_settings[:keys] = ['~/.ssh/foo.key'] when an ssh-agent is running.

Here is a horrible fix: Monkey patch your deploy.rb so the agent is not used:

Copy
class Net::SSH::Authentication::KeyManager def use_agent? false end end

This will probably break the deploy script for every other person working on the same project and cause you all sorts of bad karma.

Flaky tests are tests that sometimes fail for no obvious reason. They are the plague of many end-to-end (E2E) test suites that automate the browser through tools like Capybara and Selenium.

Join our free training event and learn to fix any flaky test suite, even in large legacy applications.

Owner of this card:

Avatar
Henning Koch
Last edit:
almost 11 years ago
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Henning Koch to makandra dev
This website uses short-lived cookies to improve usability.
Accept or learn more