Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.
Problem description
If you use SSH to log on to an Linux instance and enter the password multiple times, the server returns the following error messages. Then the connection is interrupted and the logon fails.
Too many authentication failures for root.
Cause
SSH can be used to configure password retry policy. The policy is triggered when the password is incorrectly entered multiple times. As a result, the connection is interrupted and the logon fails.
Note: this configuration does not lock the account, but only disconnects the corresponding session. When you log on to the client by using SSH, you can try to use the password again.
Solution
Alibaba Cloud reminds you that:
- Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
- If you modify the configurations and data of instances including but not limited to ECS and RDS instances, we recommend that you create snapshots or enable RDS log backup.
- If you have authorized or submitted security information such as the logon account and password in the Alibaba Cloud Management console, we recommend that you modify such information in a timely manner.
The configurations and descriptions in this article have been tested in a CentOS 6.5 64-bit operating system. The operating system configurations of other types and versions may be different. For more information, see the official documentation of the operating system.
- Log on to an instance. For more information about how to log on to an instance, seeconnect to a Linux instance by using a management terminal.
- Run cat or other commands to check whether the file
/etc/ssh/sshd_config
contains configurations similar to the following.MaxAuthTries 6
Note: this parameter is not enabled by default. This parameter is used to limit the number of consecutive incorrect password entries that a user can make each SSH logon. If the number of incorrect inputs exceeds the limit, the SSH connection is disconnected and related error messages are displayed. However, the account is not locked. You can log on to the account through SSH again.
- These policies can improve server security. Ask the user to determine whether the relevant configuration needs to be modified after weighing the security and ease of use.
- If you need to modify the relevant policy configuration, we recommend that you perform file backup before modification.
- Use an editor such as vi to modify parameters or delete or comment out configurations in individual lines. For example, adding "#" before a parameter is used to comment out the parameter. Save the settings and exit the file. Then, restart the SSH service.
# MaxAuthTries 6
- If you have any questions, seeguidelines for troubleshooting failure to remotely log on to Linux instances through SSH for further troubleshooting and analysis.
Application scope
- ECS