User profile for user: Gerben Wierda
Gerben Wierda Author
User level: Level 2
303 points

how do I reset ssh login (too many failures) for portable home sync with server-side file tracking?

When my systems (ML) start to sync the portable home directory with the server (MLS), PHD syncing ignores server-side file tracking. The reason can be found in the verbose log for FileSyncAgent:

<Login> 1:: [13/08/17 06:55:08.432] -[SSHIPCClient handleStderrLineOrEOF:]: [2013-08-17 04:55:08 +0000] 'Warning: Permanently added '[FQDN]:2336' (RSA) to the list of known hosts.^M<Login> 1:: [13/08/17 06:55:08.432] '

<Login> 1:: [13/08/17 06:55:08.451] -[SSHIPCClient handleStderrLineOrEOF:]: [2013-08-17 04:55:08 +0000] 'Received disconnect from IPADDRESS: Too many authentication failures for USER^M<Login> 1:: [13/08/17 06:55:08.451] '

<Login> 1:: [13/08/17 06:55:08.451] -[SSHIPCClient handleStderrLineOrEOF:]: SSH: 'Received disconnect from IPADDRESS: 2: Too many authentication failures for USER^M<Login> 1:: [13/08/17 06:55:08.451] '

How do I reset the 'too many failures' on the server?


Note: this is not the firewall issue that may plague PHD syncing with server-side file tracking. There is a connection through the firewall, but sshd on the other side refuses to accept the login.

Posted on Aug 16, 2013 10:14 PM

Reply
Question marked as Top-ranking reply
User profile for user: MrHoffman
MrHoffman
User level: Level 10
145,801 points

Posted on Sep 3, 2013 6:38 AM

Yes, MaxAuthTries is involved here as a limit, but -vvv should tell you more of what's going on...


Warning: Permanently added '[FQDN]:2336' (RSA) to the list of known hosts.


is normal for a new ssh connection.


Too many authentication failures for USER


usually means the password is wrong, or the ssh certificate is not accepted or not acceptable. Or that you might possibly have tried a large number of different logins, and bumped into MaxAuthTries.


Try an ssh from the client into the target box with the -vvv switch (and the proper target port, if you're not using 22 here), and see if you can duplicate the error. The -vvv turns on gonzo logging. Depending on what's going on, you might also have to turn on logging in sshd. That's usually a configuration file option within the context of the daemon.


For grins, I'd also check DNS services on both the client and the server; use sudo changeip -checkhostname on the server, and dig +short www.example.com (substitute the FQDN of the server) on the client.

View in context
3 replies
Question marked as Top-ranking reply
User profile for user: MrHoffman
MrHoffman
User level: Level 10
145,801 points

Sep 3, 2013 6:38 AM in response to Gerben Wierda

Yes, MaxAuthTries is involved here as a limit, but -vvv should tell you more of what's going on...


Warning: Permanently added '[FQDN]:2336' (RSA) to the list of known hosts.


is normal for a new ssh connection.


Too many authentication failures for USER


usually means the password is wrong, or the ssh certificate is not accepted or not acceptable. Or that you might possibly have tried a large number of different logins, and bumped into MaxAuthTries.


Try an ssh from the client into the target box with the -vvv switch (and the proper target port, if you're not using 22 here), and see if you can duplicate the error. The -vvv turns on gonzo logging. Depending on what's going on, you might also have to turn on logging in sshd. That's usually a configuration file option within the context of the daemon.


For grins, I'd also check DNS services on both the client and the server; use sudo changeip -checkhostname on the server, and dig +short www.example.com (substitute the FQDN of the server) on the client.

Reply
User profile for user: Gerben Wierda
Gerben Wierda Author
User level: Level 2
303 points

Sep 2, 2013 1:36 PM in response to cpragman

Hello cpragman,


I think this can't be right. The error message is not 'being unable to connect' (which is what firewall blocking would result in) but a successful connect is followed by sshd 'not allowing the login'. We're already beyond the firewall at this stage.


Besides, afctl is a dynamic front end to ipfw, which in MLS (10.8 Server) is empty and does not block anything. The appl level firewall and socketfilter have taken its place.


I think a workaround would be to change MaxAuthTries for the sshd config that is used by mobile home sync. I still have to try that.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

how do I reset ssh login (too many failures) for portable home sync with server-side file tracking?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up