Odd ssh password prompt
-
I have a 2.0.3 system with an odd ssh password prompt issues. "ssh user@ip" will connect to the system.
I get a "Password:" prompt that doesn't allow me to login. If I hit return three times, the prompt changes to "user@ip password:" This prompt will accept the password and allow me to login.
I've tried multiple clients with the same result.
-
If you're using ssh from the console, run it with "ssh -v user@ip" and perhaps there will be something useful in the verbose output
-
I tried that. It showed the 1st "Password" prompts were keyboard-interactive and the 2nd batch was "password". I'm not sure why.
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1205
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
debug3: Wrote 80 bytes for a total of 1285
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1381
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
debug3: Wrote 80 bytes for a total of 1461
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1557
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
debug3: Wrote 80 bytes for a total of 1637
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
USER@IPADDR's password:Answering this prompt worked.
-
The keyboard-interactive method is more
secureflexible, but not all SSH servers support it or have it enabled.It allows for things like multiple prompts to implement multi-factor auth and so on.