2

On a new Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-1017-aws x86_64), I have installed Google Authenticator [1] and configured it in the following way

/etc/pam.d/sshd
#@include common-auth
...
auth required pam_google_authenticator.so nullok


/etc/ssh/sshd_config
...
ChallengeResponseAuthentication yes
...
AuthenticationMethods publickey,keyboard-interactive

Which works on Ubuntu 16, but not Ubuntu 18 with the following error when trying to log in:

$ ssh ubuntu@server
ubuntu@server: Permission denied (keyboard-interactive).

It seems something has changed with the new version of Ubuntu.

When i enable debug, there is no further information

Aug 17 11:40:31 ip-10-0-0-182 sshd(pam_google_authenticator)[6834]: debug: start of google_authenticator for "ubuntu"
Aug 17 11:40:31 ip-10-0-0-182 sshd[6832]: error: PAM: Permission denied for ubuntu from X.X.X.X
Aug 17 11:40:32 ip-10-0-0-182 sshd[6832]: Connection closed by authenticating user ubuntu X.X.X.X port 61076 [preauth]

ps. The home directory is NOT encrypted

[1] apt-get install libpam-google-authenticator

Christian
  • 746
  • 3
  • 13
  • 30
  • did you run `google-authenticator` for the ubuntu user? – CjS Oct 29 '18 at 07:43
  • I did. The problem doesnt happen when I manually configure it. But when I use a cloud-init script, it doesnt work. Very odd behaviour :/ – Christian Oct 29 '18 at 15:07

1 Answers1

-1

on 18.04, I tried removing the AuthenticationMethod line, and it worked for me

John Tan
  • 1