4. Odd ssh password prompt

Odd ssh password prompt

  • W

    I have a 2.0.3 system with an odd ssh password prompt issues.  "ssh user@ip"  will connect to the system.

    I get a "Password:" prompt that doesn't allow me to login. If I hit return three times, the prompt changes to "user@ip password:"  This prompt will accept the password and allow me to login.

    I've tried multiple clients with the same result.

    0
  • Rebel Alliance Developer Netgate

    If you're using ssh from the console, run it with "ssh -v user@ip" and perhaps there will be something useful in the verbose output

    0
  • W

    I tried that.  It showed the 1st "Password" prompts were keyboard-interactive and the 2nd batch was "password".  I'm not sure why.

    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug3: Wrote 96 bytes for a total of 1205
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:
    debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
    debug3: Wrote 80 bytes for a total of 1285
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug3: Wrote 96 bytes for a total of 1381
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:
    debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
    debug3: Wrote 80 bytes for a total of 1461
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug3: Wrote 96 bytes for a total of 1557
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:
    debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
    debug3: Wrote 80 bytes for a total of 1637
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred:
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    USER@IPADDR's password:

    Answering this prompt worked.

    0
  • Rebel Alliance Developer Netgate

    The keyboard-interactive method is more secure flexible, but not all SSH servers support it or have it enabled.

    It allows for things like multiple prompts to implement multi-factor auth and so on.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy