Too Many Authentication Failures – Filezilla

TFileZilla logorust me, we’ve all been there.

And yes, it is immensely frustrating.

Picture the scene – you’ve been good and decided to use key based SSH for securely transferring files between your servers and local machines.  You’ve disabled password access to shore up security even more.  You’re used to using passwords – but keyfiles are no biggie.

Until…

“Too many authentication failures”

Panic can certainly start to set in, particularly as Filezilla continues to try and connect when it’s clearly not going to work no matter how many times it tries!  You’re asking yourself why oh why it would attempt such a futile task.  But really, the only question you want answering is why its not working properly.

And usually, the solution is fairly simple.

Keys saved in Pageant

Pageant, or the PuTTy authentication agent, is a handy key repository used by not only the PuTTy SSH/Bash client but also other third party software – including Filezilla.

You load up your first key, go to Filezilla and all is OK.  For Now.  Maybe.

But you add a few more keys and bang, the sh*t has hit the fan.

What’s Up?

Or more like, what’s down?  And the answer to that question will be access to your server from your IP as you do your best imitation of a brute force attack.  Don’t panic though, there’s a fairly reasonable way around it.

Yes Pageant plays nicely with a few keys.  But Filezilla will try each one in order and any reasonably configured server will only allow a few attempts before it decides you are trying to brute force your way.

Fortunately, the answer is fairly simple…

Unfortunately, it means not using Pageant for Filezilla.

Filezilla Key Configuration

Although when you used Pageant and only had a couple of keys you didn’t have to do this and life seemed so much easier, for server / website admins with more than a few sites to manage, it’s more heartache than it’s worth.

You’ve probably got a site configured currently that looks a bit like this:

Head over to the Logon Type dropdown and you’ll notice a Keyfile option – give that a press:

Your password input box will disappear to be replaced by a key file input box:

Go ahead, click on ‘Browse…’ and select your key file.  Job done.

Next time you try to connect to your server, it’ll only try the appropriate key file preventing any pesky brute force look-a-like ‘attacks’ as you try to login.  Enter your key password and boom, you’re in!

FTP & Transferring Files From Your Computer To Your Website

FTP Status

FTP (File Transfer Protocol) and it’s secure alternative SFTP (understandably meaning Secure File Transfer Protocol) is without doubt one of the most popular ways of transferring files from your computer to your web server (i.e. your website).

In days gone by, there were a number of ways to avoid using FTP/SFTP.  Most notably was during the ‘Frontpage generation’.  Anyone remember Microsoft Frontpage?  Well, for those that don’t, it was like a very basic Dreamweaver.  You could install ‘Frontpage Extensions‘ on your website and then upload your file directly from Frontpage using these extensions.

Why is Frontpage bad?

However, there were (and still are) many downsides to this.  First and foremost is security.  Frontpage extensions cause a whole load of security issues for your website and your server.  Most shared hosting providers won’t enable or allow you to have Frontpage extensions – but if you’re in control of your own server (i.e. have root access) then you would still be able to use them.  However, as Frontpage has reached its End of Life (EOL) now and is no longer updated, it is of course no longer recommended to use them.

Secondly, there’s crap.  What have Frontpage and crap got in common I hear you say?  Well Frontpage likes to crap…… as in place crap in every folder throughout your entire website (that’s those annoying _vti folders that some of us fondly remember!).

Thirdly, and finally, there is a better easier way!

Scary FTP?  A protocol for all systems…

For so long people have been scared by FTP.  For reasons unknown!  But it is really simple to use and there are many clients available out there for all operating systems including Windows, OS X, Linux and many many more – in fact, if you can find us an operating system without an FTP client, we’d like to know!

FileZilla logo

A common FTP shaped theme?

FTP was also supported in Frontpage, but the extensions usually got most of the attention.  The successor to Frontpage was Expression Web.  This was a slightly updated Frontpage.  It still included Frontpage extensions but the focus was changed to neutral again – no particular bias towards the extensions or to FTP.  And then you have newer, more superior and professional products such as Adobe Dreamweaver.  Dreamweaver supports FTP/SFTP – and thankfully, and obviously, doesn’t support Frontpage extensions!

See a common theme?  FTP/SFTP has survived through the times, the developers and the products.  It is now the standard in transferring files between your computer and your website.  And it is fast and efficient – especially if you are using a good FTP client (such as Filezilla).

The trusty old file manager.

There is of course another option which is still available and included in most web control panels.  That is ‘File Manager’ – you’ll notice them in control panels such as cPanel and Plesk.  However, one-file-at-a-time uploads aren’t really that productive.  They’re useful for changing the odd picture or the odd script here and there but not when you’re about to upload 100 new pictures or 1,000 new pages!

(Very short) Conclusion.

So FTP, FTP, FTP all the way (preferably SFTP – to add the bit of extra security to the transfers!).

FTP Status Image: dougww