Hi LS,
I am using IPA Server - VERSION: 4.2.0, API_VERSION: 2.156
sssd version on my IPA server: 1.13.0
sssd version on my IPA client (ubuntu): 1.11.8
I have a new "testhip2user" created in IPA Server with 2FA enabled. My
/etc/ssh/sshd_config has this entry:
AuthorizedKeysFile %h/.ssh/authorized_keys
#ChallengeResponseAuthentication no
PasswordAuthentication no
Match User testhip2user
    AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam
When I try to ssh with the private key of testhip2user into the IPA client,
this is what I see in the ssh auth.log, as I keep getting prompted for a
password and then it ends with a permission denied error:
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: error: Disabled method "password" in AuthenticationMethods list "publickey,password:pam"
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: Authentication methods list "publickey,password:pam" contains disabled method, skipping
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: error: Disabled method "password" in AuthenticationMethods list "publickey,password:pam" [preauth]
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: Authentication methods list "publickey,password:pam" contains disabled method, skipping [preauth]
Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-125-254-static.hfc.comcastbusiness.net user=testhip2user
Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-125-254-static.hfc.comcastbusiness.net user=testhip2user
Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_sss(sshd:auth): received for user testhip2user: 6 (Permission denied)
Sep 21 12:42:53 ip-172-31-30-146 sshd[7530]: error: PAM: Authentication failure for testhip2user from 50-201-125-254-static.hfc.comcastbusiness.net
Thanks for your time and for helping me with this.
Best Regards,
Deepak
> Date: Fri, 16 Sep 2016 10:43:26 +0200
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: [Freeipa-users] 2FA using FreeIPA
>
> On (13/09/16 03:49), Deepak Dimri wrote:
> >Hi All,
> >I have below lines added to my sshd_config file for testuser.
> >
> >
> >
> >Match User testuser
> > AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam
> >I have OTP enabled for tapuser in IPA and I am able to log in to the GUI using the
> >password + OTP. However, when I try to ssh I am getting prompted for the first
> >factor, then the second factor, and then it ends with a "Permission denied
> >(keyboard-interactive)." error. What could be wrong here?
> >Regards,
> >Deepak
> >
> Please provide versions of freeIPA server packages, version of sssd.
> And it would be good to see the exact output of ssh authentication.
>
> LS
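
Added example, not part of the thread: a small lint for the condition sshd logs above, where an AuthenticationMethods list names a method whose enabling keyword is set to "no". It uses a simplified model of sshd_config parsing; the function names and the sample config are constructed for illustration.

```python
# Simplified model (assumptions): upstream defaults ("yes"), no Include handling,
# first value per keyword wins within a scope, Match values override global ones.

ENABLE_KEYWORD = {  # auth method -> sshd_config keyword that enables it
    "password": "passwordauthentication",
    "publickey": "pubkeyauthentication",
    "keyboard-interactive": "kbdinteractiveauthentication",
}
# Current OpenSSH treats ChallengeResponseAuthentication as a deprecated alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample reproducing the configuration quoted in the message.
SAMPLE_CONFIG = """\
AuthorizedKeysFile %h/.ssh/authorized_keys
#ChallengeResponseAuthentication no
PasswordAuthentication no
Match User testhip2user
    AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam
"""

def parse_scopes(text):
    """Return [(scope, {keyword: args})]; the first scope is the global section."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split keyword
        if not parts:
            continue
        keyword = ALIASES.get(parts[0].lower(), parts[0].lower())
        args = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scopes.append((args, {}))
        else:
            scopes[-1][1].setdefault(keyword, args)  # first value wins
    return scopes

def skipped_lists(text):
    """Return [(scope, method_list, disabled_method)] for lists sshd would skip."""
    scopes = parse_scopes(text)
    findings = []
    for scope, opts in scopes:
        effective = {**scopes[0][1], **opts}  # Match block overrides global
        for method_list in effective.get("authenticationmethods", "").split():
            for method in method_list.split(","):
                base = method.split(":", 1)[0]  # "password:pam" -> "password"
                keyword = ENABLE_KEYWORD.get(base)
                if keyword and effective.get(keyword, "yes").lower() == "no":
                    findings.append((scope, method_list, base))
                    break
    return findings
```

Calling `skipped_lists(SAMPLE_CONFIG)` reports the same list that the auth.log entries above show sshd skipping.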