Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Odd ssh password prompt

    General pfSense Questions
    2
    4
    1162
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wkk2 last edited by

      I have a 2.0.3 system with an odd ssh password prompt issues.  "ssh user@ip"  will connect to the system.

      I get a "Password:" prompt that doesn't allow me to login. If I hit return three times, the prompt changes to "user@ip password:"  This prompt will accept the password and allow me to login.

      I've tried multiple clients with the same result.

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        If you're using ssh from the console, run it with "ssh -v user@ip" and perhaps there will be something useful in the verbose output

        1 Reply Last reply Reply Quote 0
        • W
          wkk2 last edited by

          I tried that.  It showed the 1st "Password" prompts were keyboard-interactive and the 2nd batch was "password".  I'm not sure why.

          debug3: authmethod_is_enabled keyboard-interactive
          debug1: Next authentication method: keyboard-interactive
          debug2: userauth_kbdint
          debug2: we sent a keyboard-interactive packet, wait for reply
          debug3: Wrote 96 bytes for a total of 1205
          debug2: input_userauth_info_req
          debug2: input_userauth_info_req: num_prompts 1
          Password:
          debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
          debug3: Wrote 80 bytes for a total of 1285
          debug1: Authentications that can continue: publickey,password,keyboard-interactive
          debug2: userauth_kbdint
          debug2: we sent a keyboard-interactive packet, wait for reply
          debug3: Wrote 96 bytes for a total of 1381
          debug2: input_userauth_info_req
          debug2: input_userauth_info_req: num_prompts 1
          Password:
          debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
          debug3: Wrote 80 bytes for a total of 1461
          debug1: Authentications that can continue: publickey,password,keyboard-interactive
          debug2: userauth_kbdint
          debug2: we sent a keyboard-interactive packet, wait for reply
          debug3: Wrote 96 bytes for a total of 1557
          debug2: input_userauth_info_req
          debug2: input_userauth_info_req: num_prompts 1
          Password:
          debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
          debug3: Wrote 80 bytes for a total of 1637
          debug1: Authentications that can continue: publickey,password,keyboard-interactive
          debug2: we did not send a packet, disable method
          debug3: authmethod_lookup password
          debug3: remaining preferred:
          debug3: authmethod_is_enabled password
          debug1: Next authentication method: password
          USER@IPADDR's password:

          Answering this prompt worked.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            The keyboard-interactive method is more secure flexible, but not all SSH servers support it or have it enabled.

            It allows for things like multiple prompts to implement multi-factor auth and so on.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy