Reining in Misbehaving FileZilla

Although I am known to prefer command line tools, FileZilla is a tool that has accompanied me fore a very long time, although seldomly used.

Using it again after some time, I stumbled across this error, when connecting to a site:

Status:	Connecting to
Response:	fzSftp started, protocol_version=9
Command:	open "" 22
Error:	FATAL ERROR: Remote side sent disconnect message
Error:	type 2 (protocol error):
Error:	"Too many authentication failures"
Error:	Could not connect to server

The message „Too many authentication failures” is issued by the sshd server. This gets controlled by the MaxAuthTries option in the sshd_config file, which

Specifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6.

So why were there more then 6 authentication attempts, when I just tried to connect once?

Well, turning on debug mode in FileZilla helped identifying the issue. This is similar to using -vvv with ssh, showing you much more verbose output on what is going on during the initial connection. And it showed me the culprit:

Status:	Connecting to
Response:	fzSftp started, protocol_version=9
Command:	open "" 22
Trace:	Using SSH protocol version 2
Trace:	Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
Trace:	Pageant is running. Requesting keys.
Trace:	Pageant has 11 SSH-2 keys
Trace:	Trying Pageant key #0
Trace:	Server refused our key
Trace:	Trying Pageant key #1
Trace:	Server refused our key
Trace:	Trying Pageant key #2
Trace:	Server refused our key
Trace:	Trying Pageant key #3
Trace:	Server refused our key
Trace:	Trying Pageant key #4
Trace:	Server refused our key
Trace:	Trying Pageant key #5
Trace:	Remote side sent disconnect message type 2 (protocol error): "Too many authentication failures"
Error:	FATAL ERROR: Remote side sent disconnect message

As you can see, FileZilla is communicating with the ssh-agent on my local machine (using „pageant” as the name, as this is the „putty” ssh agent on Windows OS), which tells him basically „here are the 11 keys I know of” and FileZilla runs along and tries each and every one of them, causing sshd to say „no” after the 6th attempt.

In ssh/scp, you can control this behaviour via the IdentitiesOnly option in the ssh_config:

Specifies that ssh(1) should only use the configured authentication identity and certificate files (either the default files, or those explicitly configured in the ssh_config files or passed on the ssh(1) command-line), even if ssh-agent(1) or a PKCS11Provider or SecurityKeyProvider offers more identities. The argument to this keyword must be yes or no (the default). This option is intended for situations where ssh-agent offers many different identities.

So FileZilla does not offer something similar, so we have to make it believe, that there is no ssh agent running, that it might talk to. This is easily done by setting SSH_AUTH_SOCK=”„ before starting FileZilla.

To automate this, copy the filezilla.desktop file to your local path and modify the exec line like so:

cp /usr/share/applications/filezilla.desktop ~/.local/share/applications 
gvim ~/.local/share/applications/filezilla.desktop  
Exec=env SSH_AUTH_SOCK="" filezilla

And with that, the annoying error is gone :D

Tagged as: , , , , | Author:
[Sonntag, 20211226, 22:42 | permanent link | 0 Kommentar(e)

Links from 2021-12-15

Leader election in distributed systems

Almost all systems using traditional relational database management systems (RDBMSs) rely on leader election to pick a leader database which handles all writes, and sometimes, all reads. In these systems, election may be automated, but it’s frequently done manually by a human operator.

Tagged as: , , , , , | Author:
[Donnerstag, 20211216, 05:00 | permanent link | 0 Kommentar(e)

fail2ban vs. log4shell

As it was raining today, I hacked together „apache-log4shell”, a quick & dirty fail2ban filter that blocks hosts that try to exploit or „test for” CVE-2021-44228, also known as log4shell.

As fail2ban acts on log entries (oh, the irony), this is of course NOT a safeguard against log4shell, but a mere tool to reduce the lognoise.

Testcases, … can be found in my fail2ban GitLab repo.

Tagged as: , , , , , , | Author:
[Sonntag, 20211212, 14:00 | permanent link | 0 Kommentar(e)


„Leyrers Online Pamphlet“ ist die persönliche Website von mir, Martin Leyrer. Die hier veröffentlichten Beiträge spiegeln meine Ideen, Interessen, meinen Humor und fallweise auch mein Leben wider.
The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.

Me, Elsewhere

Tag Cloud

2007, 2do, a-trust,, a1, accessability, acta, advent, age, amazon, ankündigung, apache, apple, audio, austria, backup, barcamp, basteln, bba, big brother awards, birthday, blog, blogging, book, books, browser, Browser_-_Firefox, bruce sterling, buch, bürgerkarte, cars, cartoon, ccc, cfp, christmas, cloud, collection, command line, commandline, computer, computing, concert, conference, copyright, covid19, css, database, date, datenschutz, debian, delicious, demokratie, design, desktop, deutsch, deutschland, dev, developer, development, devops, digitalks, dilbert, disobay, dna, dns, Doctor Who, documentation, domino, Domino, Douglas Adams, download, downloads, drm, dsk, dvd, e-card, e-government, e-mail, e-voting, E71, Ein_Tag_im_Leben, elga, email, encryption, essen, eu, event, events, exchange, Extensions, fail, fedora, feedback, film, firefox, flash, flightexpress, food, foto, fsfe, fun, future, games, gaming, geek, geld, git, gleichberechtigung, google, graz, grüne, grüninnen, hack, hacker, handtuch, handy, hardware, HHGTTG, history, how-to, howto, hp, html, humor, IBM, ibm, ical, iCalendar, image, innovation, intel, internet, internet explorer, iphone, ipod, isp, it, IT, java, javascript, job, journalismus, keyboard, knowledge, konzert, language, laptop, law, lego, lenovo, life, links, linux, Linux, linuxwochen, linuxwochenende, live, living, living, lol, london, lost+found, Lotus, lotus, lotus notes, Lotus Notes, LotusNotes, lotusnotes, lotusphere, Lotusphere, Lotusphere2006, lotusphere2007, lotusphere2008, Lotusphere2008, lustig, m3_bei_der_Arbeit, m3_bei_der_Arbeit, mac, mail, marketing, mathematik, media, medien, metalab, Microsoft, microsoft, mITtendrin, mITtendrin, mobile, mood, movie, mp3, multimedia, music, musik, männer, nasa, netwatcher, network, netzpolitik, news, nokia, Notes, notes, Notes+Domino, office, online, OOXML, open source, openoffice, opensource, orf, orlando, os, outlook, patents, pc, pdf, performance, perl, personal, php, picture, pictures, podcast, politics, politik, pr, press, press, presse, privacy, privatsphäre, productivity, programming, protest, public speaking, qtalk, quintessenz, quote, quotes, radio, rant, rant, recherche, recht, release, review, rezension, rezension, rip, rss, science, search, security, server, settings, sf, shaarli, Show-n-tell thursday, sicherheit, silverlight, SnTT, social media, software, sony, sound, space, spam, sprache, sprache, spö, ssh, ssl, standards, storage, story, stupid, summerspecial, summerspecial, sun, surveillance, sysadmin, talk, talk, talks, technology, The Hitchhikers Guide to the Galaxy, theme, think, thinkpad, thunderbird, tip, tipp, tools, topgear, torrent, towel, Towel Day, TowelDay, travel, truth, tv, twitter, ubuntu, ui, uk, unix, update, usa, usb, vds, video, video, videoüberwachung, vienna, Vim, vim, vintage, vista, vorratsdatenspeicherung, vortrag, wahl, wcm, wcm, web, web 2.0, web2.0, web20, Web20, webdesign, werbung, wien, wiener linien, wikileaks, windows, windows, windows 7, wired, wishlist, wissen, Wissen_ist_Macht, wlan, work, workshops, wow, writing, wtf, Wunschzettel, wunschzettel, www, xbox, xml, xp, zensur, zukunft, zukunft, zune, österreich, österreich, övp, übersetzung, überwachung

AFK Readinglist