Public bug reported: I am in the process of updating our CI for Cockpit to kinetic [1]. I get a lot of test failures because SSH password login is broken.
This can be replicated with a clean cloud instance, so it's not something that our VM build scripts do: curl -L -O https://cloud-images.ubuntu.com/daily/server/kinetic/current/kinetic-server-cloudimg-amd64.img # nothing fancy, just admin:foobar and root:foobar curl -L -O https://github.com/cockpit-project/bots/raw/main/machine/cloud-init.iso Boot the image: qemu-system-x86_64 -cpu host -enable-kvm -nographic -m 2048 -drive file=kinetic-server-cloudimg-amd64.img,if=virtio -snapshot -cdrom cloud-init.iso -net nic,model=virtio -net user,hostfwd=tcp::22001-:22 For some reason that doesn't create an "admin" user. So log into VT as root:foobar and create a user: adduser test1 Now, inside the VM VT: root@ubuntu:~# ssh user1@localhost user1@localhost: Permission denied (publickey). The same happens when trying to ssh from outside: ❱❱❱ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no -p 22001 user1@localhost user1@localhost: Permission denied (publickey). It does not seem to even *attempt* password auth: ❱❱❱ ssh -vv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no -p 22001 user1@localhost 2>&1|grep -i method debug1: Next authentication method: publickey debug2: we did not send a packet, disable method debug1: No more authentication methods to try. ... like it would to other OSes: debug1: Next authentication method: keyboard-interactive Password authentication is enabled by default: $ grep -i password /etc/ssh/sshd_config #PermitRootLogin prohibit-password # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # PasswordAuthentication. Depending on your PAM configuration, # the setting of "PermitRootLogin without-password". # PAM authentication, then enable this but set PasswordAuthentication PasswordAuthentication yes [1] https://github.com/cockpit-project/bots/pull/3641 and https://github.com/cockpit-project/cockpit/pull/17582 ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1 ** Affects: openssh (Ubuntu) Importance: High Status: New ** Affects: openssh (Ubuntu Kinetic) Importance: High Status: New ** Tags: kinetic regression-release -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1982482 Title: SSH password login not attempted/denied Status in openssh package in Ubuntu: New Status in openssh source package in Kinetic: New Bug description: I am in the process of updating our CI for Cockpit to kinetic [1]. I get a lot of test failures because SSH password login is broken. This can be replicated with a clean cloud instance, so it's not something that our VM build scripts do: curl -L -O https://cloud-images.ubuntu.com/daily/server/kinetic/current/kinetic-server-cloudimg-amd64.img # nothing fancy, just admin:foobar and root:foobar curl -L -O https://github.com/cockpit-project/bots/raw/main/machine/cloud-init.iso Boot the image: qemu-system-x86_64 -cpu host -enable-kvm -nographic -m 2048 -drive file=kinetic-server-cloudimg-amd64.img,if=virtio -snapshot -cdrom cloud-init.iso -net nic,model=virtio -net user,hostfwd=tcp::22001-:22 For some reason that doesn't create an "admin" user. So log into VT as root:foobar and create a user: adduser test1 Now, inside the VM VT: root@ubuntu:~# ssh user1@localhost user1@localhost: Permission denied (publickey). The same happens when trying to ssh from outside: ❱❱❱ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no -p 22001 user1@localhost user1@localhost: Permission denied (publickey). It does not seem to even *attempt* password auth: ❱❱❱ ssh -vv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no -p 22001 user1@localhost 2>&1|grep -i method debug1: Next authentication method: publickey debug2: we did not send a packet, disable method debug1: No more authentication methods to try. ... like it would to other OSes: debug1: Next authentication method: keyboard-interactive Password authentication is enabled by default: $ grep -i password /etc/ssh/sshd_config #PermitRootLogin prohibit-password # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # PasswordAuthentication. Depending on your PAM configuration, # the setting of "PermitRootLogin without-password". # PAM authentication, then enable this but set PasswordAuthentication PasswordAuthentication yes [1] https://github.com/cockpit-project/bots/pull/3641 and https://github.com/cockpit-project/cockpit/pull/17582 ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: openssh-server 1:9.0p1-1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1982482/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
