Odd ssh password prompt



  • I have a 2.0.3 system with an odd ssh password prompt issues.  "ssh user@ip"  will connect to the system.

    I get a "Password:" prompt that doesn't allow me to login. If I hit return three times, the prompt changes to "user@ip password:"  This prompt will accept the password and allow me to login.

    I've tried multiple clients with the same result.


  • Rebel Alliance Developer Netgate

    If you're using ssh from the console, run it with "ssh -v user@ip" and perhaps there will be something useful in the verbose output



  • I tried that.  It showed the 1st "Password" prompts were keyboard-interactive and the 2nd batch was "password".  I'm not sure why.

    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug3: Wrote 96 bytes for a total of 1205
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:
    debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
    debug3: Wrote 80 bytes for a total of 1285
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug3: Wrote 96 bytes for a total of 1381
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:
    debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
    debug3: Wrote 80 bytes for a total of 1461
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug3: Wrote 96 bytes for a total of 1557
    debug2: input_userauth_info_req
    debug2: input_userauth_info_req: num_prompts 1
    Password:
    debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad 64)
    debug3: Wrote 80 bytes for a total of 1637
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred:
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    USER@IPADDR's password:

    Answering this prompt worked.


  • Rebel Alliance Developer Netgate

    The keyboard-interactive method is more secure flexible, but not all SSH servers support it or have it enabled.

    It allows for things like multiple prompts to implement multi-factor auth and so on.


Log in to reply