Control: reassign -1 openssh-client 1:7.6p1-2
Control: severity -1 important
Control: retitle -1 openssh-client: "Too many authentication failures" with the 7th identity

On 2017-12-11 12:37:11 +0100, Vincent Lefevre wrote:
> Package: subversion
> Version: 1.9.7-3
> Severity: grave
> Justification: renders package unusable
>
> Just after the upgrade to 1.9.7-3, "svn+ssh:" is now unusable,
> at least with some servers. This is a major regression.
>
> Before the upgrade, on the server side:
>
> Dec 11 12:16:28 joooj sshd[12206]: Postponed publickey for svn from
> 140.77.13.17 port 36508 ssh2 [preauth]
> Dec 11 12:16:28 joooj sshd[12206]: Accepted publickey for svn from
> 140.77.13.17 port 36508 ssh2: RSA
> SHA256:SesJlF53vo9BluX48f4cBF+NnHhzpgQRqXa629zs6P0
> Dec 11 12:16:28 joooj sshd[12206]: pam_unix(sshd:session): session opened for
> user svn by (uid=0)
> Dec 11 12:16:28 joooj svnserve: DIGEST-MD5 common mech free
> Dec 11 12:16:28 joooj sshd[12213]: Received disconnect from 140.77.13.17 port
> 36508:11: disconnected by user
> Dec 11 12:16:28 joooj sshd[12213]: Disconnected from 140.77.13.17 port 36508
> Dec 11 12:16:28 joooj sshd[12206]: pam_unix(sshd:session): session closed for
> user svn
>
> After the upgrade, on the server side:
>
> Dec 11 12:18:52 joooj sshd[12242]: error: maximum authentication attempts
> exceeded for svn from 140.77.13.17 port 38542 ssh2 [preauth]
> Dec 11 12:18:52 joooj sshd[12242]: Disconnecting: Too many authentication
> failures [preauth]
>
> Note: openssh-client is still the same version, so that what seems to
> trigger the failure is the subversion upgrade.
>
> I'll try to downgrade...

The downgrade had no effect. But I've found the cause of the problem,
which is in OpenSSH.

What happened is the following: after the upgrade, I had to reboot.
But in the meantime, I had added a new SSH private key identity
(~.ssh/id_rsa-...), which was taken into account only after the reboot.
A "ssh-add -l" shows the 7 identities, id_rsa-svn being the last one.

If I try again without the new SSH private key identity, everything
works fine.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
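
Added example, not part of the original message and not OpenSSH or Debian code: a server-side triage script for the symptom quoted above. It groups sshd "maximum authentication attempts exceeded" events by (user, source) and marks the pairs that also have an "Accepted publickey" entry. Assumptions: the name `triage`, the constructed sample log, and the heuristic that a source with a successful public-key login for the same user is a legitimate client (for example one whose agent offers too many identities).

```python
import re
from collections import defaultdict

# Constructed sample in the sshd syslog format quoted in the message above.
# Host name, PIDs and fingerprint are made up; addresses are documentation ranges.
SAMPLE_LOG = """\
Dec 11 12:16:28 host sshd[12206]: Accepted publickey for svn from 192.0.2.10 port 36508 ssh2: RSA SHA256:CONSTRUCTED
Dec 11 12:18:52 host sshd[12242]: error: maximum authentication attempts exceeded for svn from 192.0.2.10 port 38542 ssh2 [preauth]
Dec 11 12:18:52 host sshd[12242]: Disconnecting: Too many authentication failures [preauth]
Dec 11 12:20:01 host sshd[12301]: error: maximum authentication attempts exceeded for root from 198.51.100.7 port 50022 ssh2 [preauth]
Dec 11 12:20:03 host sshd[12305]: error: maximum authentication attempts exceeded for invalid user admin from 198.51.100.7 port 50030 ssh2 [preauth]
"""

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) port \d+")
EXCEEDED = re.compile(
    r"sshd\[\d+\]: error: maximum authentication attempts exceeded for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def triage(log_text):
    """Map each (user, ip) that hit the attempt limit to its event count and
    whether the same pair also logged in successfully with a public key."""
    accepted = set()
    result = defaultdict(lambda: {"exceeded": 0, "known_good": False})
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            accepted.add((m["user"], m["ip"]))
            continue
        m = EXCEEDED.search(line)
        if m:
            result[(m["user"], m["ip"])]["exceeded"] += 1
    # Assumed heuristic: a pair with a successful login is a legitimate client.
    for key, entry in result.items():
        entry["known_good"] = key in accepted
    return dict(result)


if __name__ == "__main__":
    for (user, ip), entry in sorted(triage(SAMPLE_LOG).items()):
        hint = ("known client, check its agent with ssh-add -l"
                if entry["known_good"]
                else "no successful public-key login from this source")
        print(f"{user}@{ip}: {entry['exceeded']} limit hit(s), {hint}")
```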