[X2Go-User] ubuntu/debian - found reason for login failures that display error msg: "Access denied. Authentication that can continue: publickey, keyboard-interactive"
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Wed Apr 25 21:19:39 CEST 2012
Hi Brian,
thanks for digging this out. Most of us devs are not using Ubuntu as
server OS and if we do, it is still an Ubuntu lucid.
So, please... could you put this into the X2Go wiki?
Thanks,
Mike
On Mi 25 Apr 2012 16:47:53 CEST brian mullan wrote:
> In the past I and others have had no problem with x2go client logins to
> Ubuntu/Debian x2goservers.
>
> However, sometime n the past year or two of Ubuntu & Debian OS updates
> something changed which caused the normal x2goclient session profile that
> requires the UserID -and- Password to be entered would fail giving an error
> message on the client that says:
>
> *Access denied. Authentication that can continue:
> publickey,keyboard-interactive*
>
> I finally found out the reason for this change in behavior and here's how
> to fix it.
>
> Get a terminal session with your x2goserver and edit */etc/ssh/sshd_config*
>
> *sudo nano /etc/ssh/sshd_config*
>
> in /etc/ssh/sshd_config (example was copied from Ubuntu 12.04) you will see
> the following entries:
>
> *# Change to yes to enable challenge-response passwords (beware issues with
> # some PAM modules and threads)
> ChallengeResponseAuthenticatio**n yes
>
> # Change to no to disable tunnelled clear text passwords
> PasswordAuthentication no*
>
> To fix this CHANGE *PasswordAuthentication* to "*yes*" and save the file
> and restart ssh
>
> *sudo /etc/init.d/ssh restart*
>
> *REASON for the failure & change of behavior from previous/older versions
> of Ubuntu.*
> I installed several older versions of Ubuntu going back to Ubuntu 9.10 and
> found that the installations of the Ubuntu Server changed the content of
> the /etc/ssh/sshd_config file!
>
> In older systems the entry for PasswordAuthentication either said:
>
> *# Change to no to disable tunnelled clear text passwords
> # PasswordAuthentication no*
>
> where the PasswordAuthentication line *was commented out* ... which then
> defaulted it to "YES"
> *-or-*
> the Password Authentication line was actually uncommented BUT set to "YES"
>
> *# Change to no to disable tunnelled clear text passwords
> PasswordAuthentication yes*
>
> So those older OS versions and x2go *would work* using login ID's and
> Passwords.
>
> Sometime during one of the Ubuntu 11.x releases the PasswordAuthentication
> entry was actually changed to "no" as is the case in Ubuntu 12.04 servers
> and the line was left not commented out so it was active...
>
> *# Change to no to disable tunnelled clear text passwords
> PasswordAuthentication no
> *
>
> That is what caused the failure of x2go logins using passwords and would
> present the user with that error message:
>
> *Access denied. Authentication that can continue:
> publickey,keyboard-interactive*
>
> I've made this change now and no longer see the problem on my servers so I
> wanted to share this info.
>
> Brian
>
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-user/attachments/20120425/3448aeb9/attachment.pgp>
More information about the x2go-user
mailing list