Re: chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/

On Tue, 23 Dec 2014, Dmt Ops wrote:

> 
> @ client
> 
>         debug1: Authentications that can continue: publickey

Server offers the first mandatory authentication method

>         debug1: Trying private key: /usr/local/etc/ssh/ssh.CLIENT.ed25519
>         debug2: we sent a publickey packet, wait for reply
>         Authenticated with partial success.

Client successfully completes pubkey

>         debug1: Authentications that can continue: keyboard-interactive
>         debug1: Next authentication method: keyboard-interactive

Server offers the next mandatory authentication method

>         debug2: userauth_kbdint
>         debug2: we sent a keyboard-interactive packet, wait for reply
>         debug2: input_userauth_info_req
>         debug2: input_userauth_info_req: num_prompts 1
>         Password:
>         debug2: input_userauth_info_req
>         debug2: input_userauth_info_req: num_prompts 1
>         Verification code:
>         debug1: Authentications that can continue: keyboard-interactive
>         debug2: userauth_kbdint
>         debug2: we sent a keyboard-interactive packet, wait for reply
>         debug2: input_userauth_info_req
>         debug2: input_userauth_info_req: num_prompts 1
>         Password:

Client is not successful at kbd-int authentication.

> @ server, level 'DEBUG2'
> 
> disabling now
>     Dec 23 07:05:21 server sshd[23109]: debug2: input_userauth_request:
> setting up authctxt for root [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug1: authentication methods list
> 0: publickey,keyboard-interactive:pam [preauth]

Server is configured with multiple authentication

> [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug2: input_userauth_request: try
> method publickey [preauth]

Client attempts pubkey

>     Dec 23 07:05:21 server sshd[23109]: Partial publickey for root from
> 2001:xxx:xxxx:xxx::107 port 48866 ssh2: ED25519
> yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy
>     Dec 23 07:05:21 server sshd[23109]: debug2: userauth_pubkey:
> authenticated 1 pkalg ssh-ed25519 [preauth]

Client succeeds pubkey

>     Dec 23 07:05:21 server sshd[23109]: debug1: userauth-request for user
> root service ssh-connection method keyboard-interactive [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug1: attempt 2 failures 1
> [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug2: input_userauth_request: try
> method keyboard-interactive [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug1: keyboard-interactive devs
> [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug1: auth2_challenge: user=root
> devs= [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug1: kbdint_alloc: devices 'pam'
> [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug2: auth2_challenge_start:
> devices pam [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug2: kbdint_next_device: devices
> <empty> [preauth]
>     Dec 23 07:05:21 server sshd[23109]: debug1: auth2_challenge_start:
> trying authentication method 'pam' [preauth]
>     Dec 23 07:05:21 server sshd[23109]: Postponed keyboard-interactive for
> root from 2001:xxx:xxxx:xxx::107 port 48866 ssh2: ED25519
> yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy:yy [preauth]

Server sends the password and verification code prompts to the client

>     Dec 23 07:05:27 server sshd[23109]: debug2: PAM: sshpam_respond
> entering, 1 responses
>     Dec 23 07:05:27 server sshd[23109]: Postponed keyboard-interactive/pam
> for root from 2001:xxx:xxxx:xxx::107 port 48866 ssh2 [preauth]
>     Dec 23 07:05:34 server sshd[23109]: debug2: PAM: sshpam_respond
> entering, 1 responses
>     Dec 23 07:05:34 server sshd(pam_google_authenticator)[23111]: Invalid
> verification code

Client replies with credentials that are rejected by the PAM stack.

Have you got keyboard-interactive working on its own with Google
authenticator? It seems like a good first step...

Also, if you provide any further logs then please use debug3 (ssh -vvv /
sshd -ddd).

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
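
An added example, not part of the original message: a small Python parser that walks server-side sshd log lines like those quoted above and reports which required method of the chain completed, which is still pending, and what the PAM modules logged. The sample log is constructed (unwrapped lines, documentation address, placeholder fingerprint), and the function and field names are assumptions of this example.

```python
import re

# Constructed sample modelled on the server-side lines quoted above (unwrapped).
SAMPLE = """\
Dec 23 07:05:21 server sshd[23109]: debug1: authentication methods list 0: publickey,keyboard-interactive:pam [preauth]
Dec 23 07:05:21 server sshd[23109]: Partial publickey for root from 2001:db8::107 port 48866 ssh2: ED25519 PLACEHOLDER-FINGERPRINT
Dec 23 07:05:21 server sshd[23109]: Postponed keyboard-interactive for root from 2001:db8::107 port 48866 ssh2 [preauth]
Dec 23 07:05:27 server sshd[23109]: Postponed keyboard-interactive/pam for root from 2001:db8::107 port 48866 ssh2 [preauth]
Dec 23 07:05:34 server sshd(pam_google_authenticator)[23111]: Invalid verification code
"""

# "sshd[pid]: msg" or "sshd(pam_module)[pid]: msg"
LINE = re.compile(r"sshd(?:\((?P<module>[\w.-]+)\))?\[(?P<pid>\d+)\]: (?P<msg>.*)$")
METHODS = re.compile(r"authentication methods list \d+: (\S+)")
RESULT = re.compile(
    r"^(Partial|Accepted|Failed|Postponed) (\S+) for (?:invalid user )?(\S+) from (\S+)"
)


def trace_chain(log_text):
    """Summarise where a chained (multi-method) sshd login stopped."""
    report = {"required": [], "completed": [], "user": None, "pam_messages": []}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        if m.group("module"):
            # PAM modules log under their own tag, and under a different pid
            # than the preauth sshd process, so they are collected separately.
            report["pam_messages"].append((m.group("module"), msg))
        elif (lst := METHODS.search(msg)):
            report["required"] = lst.group(1).split(",")
        elif (res := RESULT.match(msg)):
            verdict, method, user, _addr = res.groups()
            report["user"] = user
            if verdict in ("Partial", "Accepted"):
                report["completed"].append(method)
    # Compare on the base method name: "keyboard-interactive:pam" in the
    # required list is logged as "keyboard-interactive/pam" on completion.
    done = {c.split("/")[0] for c in report["completed"]}
    report["pending"] = [r for r in report["required"] if r.split(":")[0] not in done]
    return report


if __name__ == "__main__":
    print(trace_chain(SAMPLE))
```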


