Skip to content

leap ssh : Too many authentication failures for root

i can't login to fresh created vagrant boxes anymore with leap ssh:

--- git/bitmask ‹develop* M› » leap local start couch1
There were warnings and/or errors while loading your Vagrantfile.
Your Vagrantfile was written for an earlier version of Vagrant,
and while Vagrant does the best it can to remain backwards
compatible, there are some cases where things have changed
significantly enough to warrant a message. These messages are
shown below.

Warnings:
* `config.vm.customize` calls are VirtualBox-specific. If you're
using any other provider, you'll have to use config.vm.provider in a
v2 configuration block.

Bringing machine 'couch1' up with 'virtualbox' provider...
[couch1] Importing base box 'leap-wheezy'...
[couch1] Matching MAC address for NAT networking...
[couch1] Setting the name of the VM...
[couch1] Clearing any previously set forwarded ports...
[couch1] Fixed port collision for 22 => 2222. Now on port 2200.
[couch1] Creating shared folders metadata...
[couch1] Clearing any previously set network interfaces...
[couch1] Preparing network interfaces based on configuration...
[couch1] Forwarding ports...
[couch1] -- 22 => 2200 (adapter 1)
[couch1] Running any VM customizations...
[couch1] Booting VM...
[couch1] Waiting for VM to boot. This can take a few minutes.
[couch1] VM booted and ready for use!
[couch1] Configuring and enabling network interfaces...
[couch1] Mounting shared folders...
[couch1] -- /vagrant
[couch1] -- /srv/varac-dev
There were warnings and/or errors while loading your Vagrantfile.
Your Vagrantfile was written for an earlier version of Vagrant,
and while Vagrant does the best it can to remain backwards
compatible, there are some cases where things have changed
significantly enough to warrant a message. These messages are
shown below.

Warnings:
* `config.vm.customize` calls are VirtualBox-specific. If you're
using any other provider, you'll have to use config.vm.provider in a
v2 configuration block.

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
--- git/bitmask ‹develop* M› » leap -v 3 ssh couch1
 = read /home/varac/dev/projects/leap/git/bitmask/Leapfile
 = read /home/varac/.leaprc
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/services/dns.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/services/soledad.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/services/webapp.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/services/openvpn.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/services/tor.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/services/couchdb.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/services/monitor.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/tags/local.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/tags/development.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/tags/production.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/common.json
 = loading /home/varac/dev/projects/leap/git/leap_platform/provider_base/provider.json
 = loading services/webapp.json
 = loading services/tor.json
 = loading services/mx.json
 = loading services/monitor.json
 = loading tags/hongkong.json
 = loading tags/seattle.json
 = loading tags/dc.json
 = loading tags/clientdev.json
 = loading tags/istanbul.json
 = loading tags/phnompenh.json
 = loading tags/development.json
 = loading tags/production.json
 = loading nodes/web1.json
 = loading nodes/tor1.json
 = loading nodes/sloth.json
 = loading nodes/worm.json
 = loading nodes/aligator.json
 = loading nodes/snail.json
 = loading nodes/clam.json
 = loading nodes/vpn1.json
 = loading nodes/couch2.json
 = loading nodes/canvasback.json
 = loading nodes/zebra.json
 = loading nodes/elephant.json
 = loading nodes/harrier.json
 = loading nodes/mx1.json
 = loading nodes/turtle.json
 = loading nodes/gadwall.json
 = loading nodes/slug.json
 = loading nodes/snake.json
 = loading nodes/wombat.json
 = loading nodes/couch1.json
 = loading nodes/starfish.json
 = loading nodes/beetle.json
 = loading nodes/urchin.json
 = loading nodes/dolphin.json
 = loading nodes/monitor1.json
 = loading common.json
 = loading provider.json
 = loading secrets.json
 = skipping disabled node sloth.
 = skipping disabled node aligator.
 = skipping disabled node turtle.
 = skipping disabled node slug.
 = ssh -l root -p 22 -o 'HostName=10.5.5.44' -o 'GlobalKnownHostsFile=/home/varac/dev/projects/leap/git/bitmask/files/ssh/known_hosts' -o 'UserKnownHostsFile=/dev/null' -i /var/lib/gems/1.9.1/gems/leap_cli-1.1.0/vendor/vagrant_ssh_keys/vagrant.key -o 'StrictHostKeyChecking=no' couch1
Warning: Permanently added '10.5.5.44' (ECDSA) to the list of known hosts.
Received disconnect from 10.5.5.44: 2: Too many authentication failures for root
--- bitmask/test ‹develop* M› » ssh -v -l root -p 22 -o 'HostName=10.5.5.44' -o 'GlobalKnownHostsFile=/home/varac/dev/projects/leap/git/bitmask/files/ssh/known_hosts' -o 'UserKnownHostsFile=/dev/null' -i /var/lib/gems/1.9.1/gems/leap_cli-1.1.0/vendor/vagrant_ssh_keys/vagrant.key -o 'StrictHostKeyChecking=no' couch1
OpenSSH_6.1p1 Debian-4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/varac/.ssh/config
debug1: /home/varac/.ssh/config line 758: Applying options for couch1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.5.5.44 [10.5.5.44] port 22.
debug1: Connection established.
debug1: identity file /var/lib/gems/1.9.1/gems/leap_cli-1.1.0/vendor/vagrant_ssh_keys/vagrant.key type -1
debug1: identity file /var/lib/gems/1.9.1/gems/leap_cli-1.1.0/vendor/vagrant_ssh_keys/vagrant.key-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1p1 Debian-4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA d6:b1:49:f0:40:b0:85:87:fd:a5:8b:bc:f5:13:01:3f
Warning: Permanently added '10.5.5.44' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: varac@roc
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: varac@roc
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: varac@roc
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: varac@roc
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: varac@roc
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: varac@roc
Received disconnect from 10.5.5.44: 2: Too many authentication failures for root
--- bitmask/test ‹develop* M› » ls -al /var/lib/gems/1.9.1/gems/leap_cli-1.1.0/vendor/vagrant_ssh_keys/vagrant.key                    255 ↵
-rw-rw-r-- 1 root root 1675 Jun 18 17:58 /var/lib/gems/1.9.1/gems/leap_cli-1.1.0/vendor/vagrant_ssh_keys/vagrant.key

however, vagrant ssh still works:

--- git/bitmask ‹develop* M› » cd test                                                                                                255 ↵
--- bitmask/test ‹develop* M› » vagrant ssh couch1
There were warnings and/or errors while loading your Vagrantfile.
Your Vagrantfile was written for an earlier version of Vagrant,
and while Vagrant does the best it can to remain backwards
compatible, there are some cases where things have changed
significantly enough to warrant a message. These messages are
shown below.

Warnings:
* `config.vm.customize` calls are VirtualBox-specific. If you're
using any other provider, you'll have to use config.vm.provider in a
v2 configuration block.

Linux leap-wheezy 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon May 13 18:00:41 2013
vagrant@leap-wheezy:~$ logout
Connection to 127.0.0.1 closed.

elijah, do you have any idea why ? i see sth in the leap cli history about ssh keys, but i didn't dig deeper.

(from redmine: created on 2013-06-18, closed on 2014-03-17, relates #5364 (closed), blocks #5305 (closed))