One day a multi-site administrator reported a strange bug: "After running the app's SSH connection test 2-3 times, my IP can't reach SSH on that server for a long while." The errors came back as Connection refused or Connection closed by .... The server wasn't down, and SSH from a different IP worked fine. The source IP was being temporarily banned at the server.

Two external investigation reports gave the cause: server-side protection mechanisms (fail2ban or PerSourcePenalties in OpenSSH 25+) detect short-windowed authentication failure spikes and temporarily ban the source IP. But the user had only clicked the test button 2-3 times — why were failures "spiking"?

The answer turned out to be paramiko's default behavior.

paramiko's default — trying many keys per connection

paramiko.SSHClient.connect() defaults two options to True: