SSH Too Many Authentication Failures — Connection Rejected After Key Attempts
About SSH Too Many Authentication Failures
Fix SSH 'Too many authentication failures' error when the SSH client tries too many keys before finding the correct one, exceeding the server's MaxAuthTries limit. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.
Here are the key things to understand: SSH clients try all loaded keys (from ssh-agent and config) before falling back to password. If you have 5+ SSH keys loaded, the client may exhaust MaxAuthTries (default 6) before trying the right key. Each key attempt counts as an authentication try even if the key is wrong. The server disconnects after MaxAuthTries is reached, showing 'Too many authentication failures'. This commonly affects developers with multiple GitHub, GitLab, and server SSH keys. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.
The most common reasons this occurs include: Too many SSH keys loaded in ssh-agent (each is tried sequentially). SSH config (~/.ssh/config) not specifying which key to use for each host. Server MaxAuthTries set too low for the number of keys the client offers. IdentitiesOnly not set, causing the client to try agent keys in addition to configured keys. Identifying the root cause is the first step toward finding the right solution.
To resolve this, follow these recommended steps: Specify the correct key per host in ~/.ssh/config: Host server.com > IdentityFile ~/.ssh/server_key. Add 'IdentitiesOnly yes' to the host config to use only the specified key (not agent keys). List loaded agent keys: 'ssh-add -l' — remove unnecessary keys with 'ssh-add -d key_file'. Force password auth for testing: 'ssh -o PreferredAuthentications=password user@host'. If server admin: increase MaxAuthTries in /etc/ssh/sshd_config (default is 6). If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.
This article is part of our Linux Error Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.
Quick Answer
Why does SSH try all my keys?
By default, SSH offers all keys from ssh-agent and default key paths (~/.ssh/id_rsa, id_ed25519, etc.) to the server. Without IdentitiesOnly and IdentityFile in your config, every key is tried for every host.
Overview
Fix SSH 'Too many authentication failures' error when the SSH client tries too many keys before finding the correct one, exceeding the server's MaxAuthTries limit.
Key Details
- SSH clients try all loaded keys (from ssh-agent and config) before falling back to password
- If you have 5+ SSH keys loaded, the client may exhaust MaxAuthTries (default 6) before trying the right key
- Each key attempt counts as an authentication try even if the key is wrong
- The server disconnects after MaxAuthTries is reached, showing 'Too many authentication failures'
- This commonly affects developers with multiple GitHub, GitLab, and server SSH keys
Common Causes
- Too many SSH keys loaded in ssh-agent (each is tried sequentially)
- SSH config (~/.ssh/config) not specifying which key to use for each host
- Server MaxAuthTries set too low for the number of keys the client offers
- IdentitiesOnly not set, causing the client to try agent keys in addition to configured keys
Steps
- 1Specify the correct key per host in ~/.ssh/config: Host server.com > IdentityFile ~/.ssh/server_key
- 2Add 'IdentitiesOnly yes' to the host config to use only the specified key (not agent keys)
- 3List loaded agent keys: 'ssh-add -l' — remove unnecessary keys with 'ssh-add -d key_file'
- 4Force password auth for testing: 'ssh -o PreferredAuthentications=password user@host'
- 5If server admin: increase MaxAuthTries in /etc/ssh/sshd_config (default is 6)