By When you try to connect to a remote server using SSH, you might run into the ominous "Too many authentication failures" error.
In this article we describe where this error (most likely) comes from and how to fix it.
Received disconnect: Too many authentication failures
In the following situation, an attempted SSH connection fails due to the "too many authentication failures" error:
ck@mint ~ $ ssh [email protected]
The authenticity of host '192.168.15.40 (192.168.15.40)' can't be established.
ED25519 key fingerprint is SHA256:[...].
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.15.40' (ED25519) to the list of known hosts.
Received disconnect from 192.168.15.40 port 22:2: Too many authentication failures
Disconnected from 192.168.15.40 port 22The cause: You have authenticated (wrongly) too often
Inside the SSH server, there is a setting called MaxAuthTries. This specifies the number of authentication attempts permitted per connection.
If you try to connect to the SSH server, your SSH client uses (automated) authentication attemps in the background – without you seeing it. This happens when you are using key authentication (nowadays default) and have one or more private SSH keys in use.
In verbose mode (-v) you are able to see that the SSH client sends multiple (automated) authentication attempts to the server, by using the private key(s) as Key Authentication method:
ck@mintp ~ $ ssh [email protected] -v
OpenSSH_9.6p1 Ubuntu-3ubuntu13.14, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /home/ck/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
[...]
debug1: Offering public key: /home/ck/.ssh/id_ed25519 ED25519 SHA256:[...] agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/ck/.ssh/id_rsa RSA SHA256:[...] agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: [email protected] ED25519 SHA256:[...] agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: opskey2024 ED25519 SHA256:[...] agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: opskey RSA SHA256:[...] agent
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: [email protected] ED25519 SHA256:[...] agent
Received disconnect from 192.168.15.40 port 22:2: Too many authentication failures
Disconnected from 192.168.15.40 port 22In the verbose output we can see the SSH client is sending an authentication attempts using the publickey authentication method:
debug1: Offering public key: /home/ck/.ssh/id_ed25519 ED25519 Following the verbose output, the SSH client sends the authentication attempt a total number of six times, with six different keys.
Coincidentally, six is the (default) limit of the maximum authentication attempts, defined on the SSH server:
pi@raspberrypi:~ $ grep MaxAuthTries /etc/ssh/sshd_config
#MaxAuthTries 6This could mean:
- The SSH server you want to connect to has none of the attempted public keys on the system (~/.ssh/authorized_keys)
- You are using many SSH keys and the one you need to connect to the remote server was not part of the first six attempts
Fix 1: Use Password Authentication Method
Maybe the remote server doesn't have your SSH key configured (yet) and you must use a classic user/password credential login to connect to the SSH server.
But as the SSH client (by default) automatically tries all your local SSH keys, you never get the chance to see the login or password prompt.
You can tell the SSH client to not use PublicKey authentication and use only PasswordAuthentication for this specific server:
ck@mint ~ $ ssh -o PasswordAuthentication=yes -o PubkeyAuthentication=no [email protected]
[email protected]'s password: *****************
Linux raspberrypi 6.12.47+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.47-1+rpt1~bookworm (2025-09-16) aarch64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Nov 12 10:05:59 2025 from 192.168.15.15Now the password prompt showed up and the SSH authentication worked.
Fix 2: Use a specific SSH private key for the connection
If you have so many SSH keys on your system that the SSH client runs into the "too many authentication failures" error before ever attempting the specific SSH key for this SSH server, you can tell the SSH client to use a specific SSH key (-i) only.
ck@mint ~ $ ssh -i ~/.ssh/id_rsa_zenith [email protected]
Linux raspberrypi 6.12.47+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.12.47-1+rpt1~bookworm (2025-09-16) aarch64
[...]Fix 3: Increase MaxAuthTries (no, you should not)
This fix would technically help for the situation that you have so many private SSH keys, that you just want to increase the number of authentication attempts. BUT THIS IS A BAD IDEA. This increases the number of authentication attempts not just for you, but for anyone trying to connect to the SSH server. Including malicious folks.
Purely technically speaking though, it would be a fix for that mentioned many keys situation.
Enable (comment-out = remove the # character) MaxAuthTries in /etc/ssh/sshd_config and change the value to a higher number. You need to be root for this or use elevated privileges using sudo.
pi@raspberrypi:~ $ sudo vim /etc/ssh/sshd_config
pi@raspberrypi:~ $ grep MaxAuthTries /etc/ssh/sshd_config
MaxAuthTries 10Then restart the SSH service:
pi@raspberrypi:~ $ sudo systemctl restart ssh
