SSH_MSG_DISCONNECT: 2 Too many authentication failures

Hey there, 

You mention that you cannot SSH into your instance due to the error “2 Too many authentication failures”. The authentication failures can occur due to the etc/ssh/sshd_config, which is where the MaxAuthTries (maximum Authentication tries) setting to a # (bastion host) is and the value is a small number. The default value for the MaxAuthTries is 6 . This happens when multiple keys are configured within the SSH-Agent and the client uses all keys to connect to the server. With all the keys failing authentication the server will then close the connection and produce the mentioned error.

To resolve the issue remove keys from the SSH-agent:

ssh-add -L

Shows all keys on keychain

Ssh-add-D

Deletes all the keys from the keychain

Ssh -A user@<bastion-IP-address>

To connect to your instance

Alternate solutions: ssh key forwarding manually

ssh-add myPrivateKey.pem

ssh-add –L

ssh –A user@<bastion-IP-address>

Alternate solutions:

• Increase the MaxAuthTries on the server
• Edit the ~/.ssh/config (on the client) and add IdentitiesOnly blocks so that a connection to a specific host only tries the associated key
• Force non-key authentication, e.g.: ssh -o PubkeyAuthentication=no romain@hostname.com

References :

[1] https://cloudmaniac.net/how-to-fix-ssh-too-many-authentication-failures/

[2] https://stackoverflow.com/questions/31051504/unable-to-connect-from-ec2-server