SSH unlock user (root) after unsuccessful login attempts

Sure:

~/.ssh

or

/root/.ssh

1 Like

So no one any idea how to unlock a previously locked root?

Does IPFire use OpenSSH for SSH access? If so, I could not yet find a source on the internet which gave me the answer for this task.

Edit: Just changed the topic title to be more precise.

Yes it does

1 Like

What is the message that you get back when you try and use ssh again? Does it come back with

error: maximum authentication attempts exceeded for…

or

Too many authentication failures

or some other message?

Adolf,

I subsequently get

Received disconnect from 192.168.0.1 port 222:2: Too many authentication failures
Disconnected from 192.168.0.1 port 222

Of course, when I lock out the user root, I’ve no chance of unlocking it with another terminal session, when not already opened.

Someone posted here to use this command to login without using public key:

ssh -o PubkeyAuthentication=no root@host

Did not check it so far (just found this), but this command will switch the authentication method and most probably not drop the locking for user root (using public key authentication).

If you have pub key authentication turned on and password authentication turned off, then I doubt that that command will change it, otherwise all hackers would just go straight to password authentication to try and break in.

The MaxAuthTries is set at 6 and after 3 have been passed then the next ones will be logged, so there must be log information available.

If once you have passed the too many authentication failures, it stays never letting you in, then this has to be because you have too many identities in place.

When you run the ssh command, add -v and see how many different keys or methods it attempts to use. If this is more than 6 then you will never get in. You have to delete the old keys that were not correct. You could also add into your ssh command to tell it to specifically use a particular identity using the -i parameter with the path and file name to the identity.

1 Like
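
The check described in the reply above (see which keys `ssh -v` shows being offered and compare that with MaxAuthTries), as an added example that is not part of the original posts. The key paths, fingerprints and function names are constructed for illustration; the limit of 6 is the value quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): read `ssh -v` output and report whether
# the intended key is offered before the server's MaxAuthTries is used up.
# Key paths and fingerprints below are constructed sample data.

# Constructed log: the agent offers six stale keys, then the server disconnects.
log_agent_keys() {
    for n in 1 2 3 4 5 6; do
        echo "debug1: Offering public key: /home/user/.ssh/old_$n RSA SHA256:sample$n agent"
        echo "debug1: Authentications that can continue: publickey,password"
    done
    echo "Received disconnect from 192.168.0.1 port 222:2: Too many authentication failures"
}

# Constructed log: a single identity forced with -i and IdentitiesOnly=yes.
log_single_identity() {
    echo "debug1: Offering public key: /home/user/.ssh/ipfire_key ED25519 SHA256:sample7 explicit"
    echo "debug1: Server accepts key: /home/user/.ssh/ipfire_key ED25519 SHA256:sample7 explicit"
}

# Print each offered key path in offer order (stdin: ssh -v output).
offered_keys() {
    sed -n 's/^debug1: Offering public key: \([^ ]*\) .*/\1/p'
}

# verdict MAX_AUTH_TRIES WANTED_KEY   (stdin: ssh -v output)
#   ok           wanted key was offered within the limit
#   blocked      the limit was used up by other keys first
#   not-offered  wanted key never offered, limit not reached
verdict() {
    offered_keys | awk -v max="$1" -v want="$2" '
        $0 == want && !pos { pos = NR }
        END {
            if (pos >= 1 && pos <= max) print "ok"
            else if (NR >= max)         print "blocked"
            else                        print "not-offered"
        }'
}

log_agent_keys      | verdict 6 /home/user/.ssh/ipfire_key   # blocked
log_single_identity | verdict 6 /home/user/.ssh/ipfire_key   # ok
```

For a real session, pipe the output of `ssh -v` (with `2>&1`) into `verdict` instead of the constructed logs. A `blocked` result means the client ran out of attempts on other keys, which is a client-side condition and not a lock on the account.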

Please run the following command on the computer you are trying to use to access IPFire via ssh.

/bin/ssh-add -l

How many entries does it show? Just one or more?

Another method to go to the console is the system console (serial or KVM, depending on your system).
This requires direct access to your HW.

This is not the case because not every SSH client and/or tool I’m using (like the mentioned UltraEdit or Notepad++ for editing config files on IPFire) supports public key authentication, so I’ve both methods active :grinning: I know this is not the way to go.

Then if you also have password entries then ssh will scan through those as well and if the combination of public key and password entries is larger than 6 and you have not explicitly specified them then ssh will scan through all of them and when it reaches 6 it will stop. That is what MaxAuthTries does and that is what gives the message that you are seeing.

1 Like

Guys, I do not want to open a “Fass” here, you know :star_struck:

I just want a simple command, better would be a WebIF page, to unlock a previously locked user. Guardian, as written above, is not involved here. Restarting SSH in WebIF was of no help either.

I know, I should avoid any wrong authentication beforehand, but in my case, I did not notice that the text editor UltraEdit had some problems using a public key and locked me out of the system for quite a long time.

I was logged into a shell in parallel, using Windows Terminal, at the moment this lockout happened, so basically I could have quickly released the lock if I knew an appropriate command :man_shrugging:

https://www.howtouselinux.com/post/2-ways-to-fix-ssh-too-many-authentication-failures

https://cloudmaniac.net/how-to-fix-ssh-too-many-authentication-failures/

3 Likes