Why password authentication is not allowed?
Solution 1
The SSH client doesn't have a change to even try password authentication because all authentication attempts are used for your public keys.
Removed unused public keys, add something like
Host * PubkeyAuthentication=no
to ~/.ssh/config
or actually use public key authentication by adding a public key to ~/.ssh/authorized_keys
on the server side.
Solution 2
I am afraid you have too many keys available in your ~/.ssh
.
ssh
seems to try to use first every key available, but the target machine will only accept 5 authentication requests, so there is no chance to attempt a password authentication.
Move or remove some unused keys so that you have less than 5 keys in your "ssh-add -l
".
Solution 3
I also found out that this error pops up when you don't have the same host name set up as the server reports itself, even though your account is valid and ssh public key's permissions are correctly set up.
So for e.g. you have overridden the hostname in your /etc/hosts locally, giving an alias which is different to what the actual hostname is of the remote SSH server.
XX.XX.YY.YY host.correct.domain hostalias
If you are trying to ssh using the hostname as hostalias, the remote SSH server refuses public key authentication, because its hostname is host.correct.domain . This happens on OpenSSH v4.3 server version.
Hope this helps.
Mark Zhang
Updated on June 27, 2022Comments
-
Mark Zhang almost 2 years
My ssh seems only accept public key authentication now. Even if I'm sure that "PasswordAuthentication" is yes in my /etc/ssh/ssh_config. Here is my ssh log. I wanna know why the password authentication is not allowed in my ssh? P.S: I can force ssh to use password authentication by adding "-o PubkeyAuthentication=no" in the command line.
markz@markz-hp6200:~$ ssh -l lab 10.19.170.114 -v OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012 debug1: Reading configuration data /home/markz/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.19.170.114 [10.19.170.114] port 22. debug1: Connection established. debug1: identity file /home/markz/.ssh/id_rsa type -1 debug1: identity file /home/markz/.ssh/id_rsa-cert type -1 debug1: identity file /home/markz/.ssh/id_dsa type -1 debug1: identity file /home/markz/.ssh/id_dsa-cert type -1 debug1: identity file /home/markz/.ssh/id_ecdsa type -1 debug1: identity file /home/markz/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1 debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA d5:c0:00:1b:bf:54:56:a0:c6:68:6f:62:a4:1a:e3:e1 debug1: Host '10.19.170.114' is known and matches the ECDSA host key. debug1: Found key in /home/markz/.ssh/known_hosts:10 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: markz@markz-hp6200 debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: markz@markz-hp6200 debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: markz@markz-hp6200 debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: markz@markz-hp6200 debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: markz@markz-desktop debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: markz@markz-desktop Received disconnect from 10.19.170.114: 2: Too many authentication failures for lab