possible "session password" bug - but i need help with passwords anyway

Advertisement

stgmike
Joined:
Posts:
4
Location:
seattle, washington

possible "session password" bug - but i need help with passwords anyway

I noticed there is a thread regarding this exact issue from mid 2003 form an old version of WinSCP, but the apparent fix back then was an update to the PuTTY libs - you are now using newer libs than then, so maybe their problem is back?

I am entering a domain (ftp.seattletech.com) and a user (mike) and the appropriate password (this login/pw works when using regular FTP in IE and DOS, for example). WinSCP gets to the authenticating stage, then asks for the session password for "mike@ftp.seattletech.com". Any password I try here fails with the following error:
------------
Using username "mike".
Access denied
Access denied

Server sent disconnect message
type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
"Too many authentication failures for mike"
------------

I don't have an email account for mike@ftp.seattletech.com, but I *do* have one for mike@seattletech.com. If I enter "mike@seattletech.com" for the login, WinSCP asks for the session password for "mike@seattletech.com@ftp.seattletech.com"

How can I enter an email address as a login (an email address with a different domain that the one I'm logging into)? And why is this session password problem happening (again?)?

I am running Win2K SP4, WinSCP3.68 and 3.7, trying to log into my shared host's FTP (Redhat linux 2.4.25, Apache 1.3.31.

Here is a snippet from the WinSCP log:
----------
. --------------------------------------------------------------------------
. WinSCP Version 3.7.0 (Build 254) (OS 5.0.2195 Service Pack 4)
. Login time: Friday, October 22, 2004 4:43:54 PM
. --------------------------------------------------------------------------
. Session name: mike@ftp.seattletech.com
. Host name: ftp.seattletech.com (Port: 22)
. User name: mike (Password: Yes, Key file: No)
. Transfer Protocol: SFTP (SCP)
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs: -,-,-,-,-,-,-,-,
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. --------------------------------------------------------------------------
. Looking up host "ftp.seattletech.com"
. Connecting to 65.98.117.87 port 22
. Server version: SSH-1.99-OpenSSH_3.1p1
. We believe remote version has SSH2 RSA padding bug
. We claim version: SSH-2.0-WinSCP-release-3.7
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-rsa 1024 ff:19:cb:73:83:ac:bc:03:e3:1c:89:77:e3:4b:cb:4b
. Initialised AES-256 client->server encryption
. Initialised AES-256 server->client encryption
. Initialised HMAC-SHA1 client->server MAC algorithm
. Initialised HMAC-SHA1 server->client MAC algorithm
! Using username "mike".
. Keyboard-interactive authentication refused
. Session password prompt (mike@ftp.seattletech.com's password: )
. Using stored password.
. Sent password
! Access denied
. Access denied
. Keyboard-interactive authentication refused
. Session password prompt (mike@ftp.seattletech.com's password: )
. Asking user for password.
. Sent password
! Access denied
. Access denied
. Received disconnect message (SSH_DISCONNECT_PROTOCOL_ERROR)
. Disconnection message text: Too many authentication failures for mike
. Server sent disconnect message
. type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
. "Too many authentication failures for mike"
* (ESshFatal) Authentication failed.
* Authentication log (see session log for details):
* Using username "mike".
* Access denied
* Access denied
*
* Server sent disconnect message
* type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
* "Too many authentication failures for mike"
----------

What else do you need to know? I can provide you with the password for the "mike" account I've mentioned in this message.

Thanks!

- Mike

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
32,548
Location:
Prague, Czechia

Re: possible "session password" bug - but i need help with passwords anyway

I'll try to reproduce the problem. If I do not succeed, I'll contact you.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
32,548
Location:
Prague, Czechia

Re: possible "session password" bug - but i need help with passwords anyway

While I do not have any server with @ in usernames, it would guess that it should work. If I enter xxx@xxx as username I can see in the log message
! Using username "xxx@xxx".
And I'm prompted for session password for 'xxx@xxx@host'. This is all correct.

I may not understand your problem. Is you username really your email address or it is just your guess?
Are you sure you have access to the SSH server on ftp.seattletech.com?

Reply with quote

stgmike
Joined:
Posts:
4
Location:
seattle, washington

Re: possible "session password" bug - but i need help with passwords anyway

Unfortunately, I'm working with a shared host. I do have SSH access - I can log in with our master account. But, while I'm allowed to create additional FTP accounts, they don't work with SSH. I thought it might be a problem with WinSCP because the 'xxx@xxx@host' confused me - now I understand it. Sorry to bother you, and thanks for taking your tim to try to figure it out. It most likely is a problem of my host not allowing my additional FTP accounts access via SSH.

- Mike

Reply with quote

Dave Kappel
Joined:
Posts:
1

Too Many Authenications Failures

I also am receiving this error, it appears to re-occur with any new user I have added after initial installation. Any help would be greatly appreciated.

Here is a copy of the last user I attempted. Help...Thanks Dave

. --------------------------------------------------------------------------
. WinSCP Version 3.7.0 (Build 254) (OS 5.1.2600 Service Pack 1)
. Login time: Monday, November 01, 2004 9:16:38 AM
. --------------------------------------------------------------------------
. Session name: Angi@68.143.37.74
. Host name: 68.143.37.74 (Port: 22)
. User name: Angi (Password: Yes, Key file: No)
. Transfer Protocol: SFTP (SCP)
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs: -,-,-,-,-,-,-,-,
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. --------------------------------------------------------------------------
. Looking up host "68.143.37.74"
. Connecting to 68.143.37.74 port 22
. Server version: SSH-1.99-OpenSSH_3.9p1
. We claim version: SSH-2.0-WinSCP-release-3.7
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-rsa 1024 fc:62:01:31:d5:f3:c1:45:10:9b:86:0c:88:bd:f3:20
. Initialised AES-256 client->server encryption
. Initialised AES-256 server->client encryption
. Initialised HMAC-SHA1 client->server MAC algorithm
. Initialised HMAC-SHA1 server->client MAC algorithm
! Using username "Angi".
. Keyboard-interactive authentication refused
. Session password prompt (Angi@68.143.37.74's password: )
. Using stored password.
. Sent password
! Access denied
. Access denied
. Keyboard-interactive authentication refused
. Session password prompt (Angi@68.143.37.74's password: )
. Asking user for password.
. Sent password
! Access denied
. Access denied
. Received disconnect message (SSH_DISCONNECT_PROTOCOL_ERROR)
. Disconnection message text: Too many authentication failures for Angi
. Server sent disconnect message
. type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
. "Too many authentication failures for Angi"
* (ESshFatal) Authentication failed.
* Authentication log (see session log for details):
* Using username "Angi".
* Access denied
* Access denied
*
* Server sent disconnect message
* type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
* "Too many authentication failures for Angi"
. --------------------------------------------------------------------------
. WinSCP Version 3.7.0 (Build 254) (OS 5.1.2600 Service Pack 1)
. Login time: Monday, November 01, 2004 9:19:14 AM
. --------------------------------------------------------------------------
. Session name: prnfs\Angi@68.143.37.74
. Host name: 68.143.37.74 (Port: 22)
. User name: prnfs\Angi (Password: Yes, Key file: No)
. Transfer Protocol: SFTP (SCP)
. SSH protocol version: 2; Compression: No
. Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. SSH Bugs: -,-,-,-,-,-,-,-,
. Proxy: none
. Return code variable: Autodetect; Lookup user groups: Yes
. Shell: default, EOL: 0
. Local directory: default, Remote directory: home, Update: No, Cache: Yes
. Cache directory changes: Yes, Permanent: Yes
. Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. --------------------------------------------------------------------------
. Looking up host "68.143.37.74"
. Connecting to 68.143.37.74 port 22
. Server version: SSH-1.99-OpenSSH_3.9p1
. We claim version: SSH-2.0-WinSCP-release-3.7
. Using SSH protocol version 2
. Doing Diffie-Hellman group exchange
. Doing Diffie-Hellman key exchange
. Host key fingerprint is:
. ssh-rsa 1024 fc:62:01:31:d5:f3:c1:45:10:9b:86:0c:88:bd:f3:20
. Initialised AES-256 client->server encryption
. Initialised AES-256 server->client encryption
. Initialised HMAC-SHA1 client->server MAC algorithm
. Initialised HMAC-SHA1 server->client MAC algorithm
! Using username "prnfs\Angi".
. Keyboard-interactive authentication refused
. Session password prompt (prnfs\Angi@68.143.37.74's password: )
. Using stored password.
. Sent password
! Access denied
. Access denied
. Keyboard-interactive authentication refused
. Session password prompt (prnfs\Angi@68.143.37.74's password: )
. Asking user for password.
. Sent password
! Access denied
. Access denied
. Received disconnect message (SSH_DISCONNECT_PROTOCOL_ERROR)
. Disconnection message text: Too many authentication failures for prnfs\Angi
. Server sent disconnect message
. type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
. "Too many authentication failures for prnfs\Angi"
* (ESshFatal) Authentication failed.
* Authentication log (see session log for details):
* Using username "prnfs\Angi".
* Access denied
* Access denied
*
* Server sent disconnect message
* type 2 (SSH_DISCONNECT_PROTOCOL_ERROR):
* "Too many authentication failures for prnfs\Angi"

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
32,548
Location:
Prague, Czechia

Re: Too Many Authenications Failures

Dave Kappel wrote:

I also am receiving this error, it appears to re-occur with any new user I have added after initial installation. Any help would be greatly appreciated.
I do not see any similarity of your problem to the one above. Can you explain this? All I can see is that you are unable to login. That's what I can hardly help you with. You should beter ask your server administrator. Or check the server log file if you are one.

Reply with quote

Advertisement

You can post new topics in this forum