[X2Go-User] ubuntu/debian - found reason for login failures that display error msg: "Access denied. Authentication that can continue: publickey, keyboard-interactive"

[brian mullan]

In the past I and others have had no problem with x2go client logins to
Ubuntu/Debian x2goservers.

However, sometime n the past year or two of Ubuntu & Debian OS updates
something changed which caused the normal x2goclient session profile that
requires the UserID -and- Password to be entered would fail giving an error
message on the client that says:

*Access denied. Authentication that can continue:
publickey,keyboard-interactive*

I finally found out the reason for this change in behavior and here's how
to fix it.

Get a terminal session with your x2goserver and edit */etc/ssh/sshd_config*

*sudo nano /etc/ssh/sshd_config*

in /etc/ssh/sshd_config (example was copied from Ubuntu 12.04) you will see
the following entries:

*# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthenticatio**n yes

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no*

To fix this CHANGE   *PasswordAuthentication* to "*yes*" and save the file
and restart ssh

*sudo /etc/init.d/ssh restart*

*REASON for the failure & change of behavior from previous/older versions
of Ubuntu.*
I installed several older versions of Ubuntu going back to Ubuntu 9.10 and
found that the installations of the Ubuntu Server changed the content of
the /etc/ssh/sshd_config file!

In older systems the entry for PasswordAuthentication either said:

*# Change to no to disable tunnelled clear text passwords
# PasswordAuthentication no*

where the PasswordAuthentication line *was commented out* ... which then
defaulted it to "YES"
*-or-*
the Password Authentication line was actually uncommented BUT set to "YES"

*# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes*

So those older OS versions and x2go *would work* using login ID's and
Passwords.

Sometime during one of the Ubuntu 11.x releases the PasswordAuthentication
entry was actually changed to "no" as is the case in Ubuntu 12.04 servers
and the line was left not commented out so it was active...

*# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
*

That is what caused the failure of x2go logins using passwords and would
present the user with that error message:

*Access denied. Authentication that can continue:
publickey,keyboard-interactive*

I've made this change now and no longer see the problem on my servers so I
wanted to share this info.

Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20120425/aa88ad6f/attachment.html>