On Wed, May 06, 2026 at 11:06:53PM +0200, Marcel Partap wrote:
Couple of weeks ago I noticed I couldn't login to my system from on the go, so
now finally got to drill a bit further down, entering the password reproducibly
with a script. The versions in stable (1:10.0p1-7+deb13u1) and stable-backports
(1:10.2p1-6~bpo13+1) work while those in testing (1:10.3p1-1) and unstable
(1:10.3p1-2) reject the correct password (with unchanged sshd_config) with
"Permission denied (publickey,password)".
I know password auth is frowned upon and probably has few users, but I guess
this is a bug and possibly might hit others. I wasn't sure how to just run the
password.sh from the regression tests, so just reporting for now. Can anyone
reproduce?
I actually hadn't noticed that there's such a regression test - it's
relatively new. Setting up the regression tests locally is quite a lot
of work, but I committed
https://salsa.debian.org/ssh-team/openssh/-/commit/28da797ee38a361b3ac0fbe6c117e206a11b9aaf
to have it run in CI, and the tests passed there. I also tried "ssh
-oPubkeyAuthentication=no" from my laptop running testing (1:10.3p1-1)
to itself and that worked fine too. So it doesn't seem to be
fundamentally broken in all cases, at least.
Have you looked in the server log (e.g. "journalctl -u ssh.service") to
see if there's any useful indication there? It may be necessary to
raise LogLevel, but you might find that there's something helpful logged
without needing to bother with that.
Thanks,
--
Colin Watson (he/him) [[email protected]]
