desktop-packages team mailing list archive

Thread
Date

[Bug 1195911] Re: ssh: Received disconnect from xx.yy.zz.aa: 2: Too many authentication failures for XXXX

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Sebastien Bacher <seb128@xxxxxxxxxx>
Date: Thu, 12 Mar 2015 11:45:30 -0000
Reply-to: Bug 1195911 <1195911@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: gnome-keyring (Ubuntu)
   Importance: Undecided => High

** Bug watch added: GNOME Bug Tracker #730126
   https://bugzilla.gnome.org/show_bug.cgi?id=730126

** Also affects: gnome-keyring via
   https://bugzilla.gnome.org/show_bug.cgi?id=730126
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1195911

Title:
  ssh: Received disconnect from xx.yy.zz.aa: 2: Too many authentication
  failures for XXXX

Status in GNOME keyring services:
  Unknown
Status in gnome-keyring package in Ubuntu:
  Triaged

Bug description:
  When trying to connect using ssh, I get this error:

  	Received disconnect from xx.yy.zz.aa: 2: Too 
          many authentication failures for XXXX

  It appears that for some reason Lubuntu's agent somehow arbitrarily
  pulls in some keys and, despite not being asked to, tries to use them
  for authentication and won't let me try the password.

  If I list the keys in the agent (ssh-add -L) then it lists a bunch of public
  keys, none of which I put there, none of which should be there.  If
  anything there should be private keys in the agent.  If I remove the
  keys (ssh-add -D) then they are still there when I check again.

  Looking at the output for the server, it looks like it keeps trying keys
  until the max limit for failed logins is reached.

  The problem can be made to go away by uninstalling gnome-keyring and
  rebooting or by clearing ~/.ssh/ of keys.

  The problem can be created by adding 6 or more keys to ~/.ssh/ and
  then trying to connect with ssh, say to localhost.

    cd ~/.ssh/
    ssh 127.0.0.1
    ssh-keygen -P '' -f test_key_1
    ssh-keygen -P '' -f test_key_2
    ssh-keygen -P '' -f test_key_3
    ssh-keygen -P '' -f test_key_4
    ssh-keygen -P '' -f test_key_5 
    ssh 127.0.0.1
    ssh-keygen -P '' -f test_key_6
    ssh 127.0.0.1
    rm test_key_6
    ssh 127.0.0.1

  I'm not sure if this is a security vulnerability.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.10
  Package: gnome-keyring 3.8.2-0ubuntu3
  ProcVersionSignature: Ubuntu 3.9.0-7.15-generic 3.9.7
  Uname: Linux 3.9.0-7-generic x86_64
  ApportVersion: 2.10.2-0ubuntu2
  Architecture: amd64
  Date: Sat Jun 29 00:52:05 2013
  InstallationDate: Installed on 2013-06-21 (7 days ago)
  InstallationMedia: Lubuntu 13.10 "Saucy Salamander" - Alpha amd64+mac (20130620)
  MarkForUpload: True
  SourcePackage: gnome-keyring
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-keyring/+bug/1195911/+subscriptions