A customer reported that he is not able to start a debug session, and that he sees the following error message in his output:
$ sem attach <job-id>
Warning: Permanently added '[<ip>]:<port>' (RSA) to the list of known hosts.
Received disconnect from <ip> port <port>:2: Too many authentication failures
Disconnected from <ip> port <port>
Root Cause of Too many authentication failures
The most common cause of this issue is if you have multiple keys set up on your machine, and you breach the MaxAuthTries configuration on the server. The default value of this is set to 6, in other words, if you have more than 6 keys that are checked in a sequence the server will reject your connection.
How to reproduce this issue
First, create 6 keys on your machine and add them to your ssh agent:
A customer reported that he is not able to start a debug session, and that he sees the following error message in his output:
Root Cause of Too many authentication failures
The most common cause of this issue is if you have multiple keys set up on your machine, and you breach the
MaxAuthTriesconfiguration on the server. The default value of this is set to6, in other words, if you have more than6keys that are checked in a sequence the server will reject your connection.How to reproduce this issue
First, create 6 keys on your machine and add them to your ssh agent:
Then, create your actual key somewhere else, and add it to the authorized keys:
Now, if you try to connect without the IdentitiesOnly flag set to
yes:You will rejected. The SSH agent will offer the keys in the following sequence:
~/.ssh/id_rsa_1~/.ssh/id_rsa_2~/.ssh/id_rsa_3~/.ssh/id_rsa_4~/.ssh/id_rsa_5~/.ssh/id_rsa_6/tmp/real-key<-- notice that the key that you provided is the lastThe fix introduced in this Pull Request
This PR introduces an additional flag to the SSH connection when started the debug session:
This forces the client to use only the key provided with the
-i /tmp/real-keyflag.