D'oh!
# cat /etc/ssh/sshd_config.d/10-cloudimg-settings.conf
PasswordAuthentication no
rm + restart sshd, everything is hunky-dory. Sorry for the noise!
** Changed in: openssh (Ubuntu Kinetic)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1982482
Title:
SSH password login not attempted/denied
Status in openssh package in Ubuntu:
Invalid
Status in openssh source package in Kinetic:
Invalid
Bug description:
I am in the process of updating our CI for Cockpit to kinetic [1]. I
get a lot of test failures because SSH password login is broken.
This can be replicated with a clean cloud instance, so it's not
something that our VM build scripts do:
curl -L -O
https://cloud-images.ubuntu.com/daily/server/kinetic/current/kinetic-server-cloudimg-amd64.img
# nothing fancy, just admin:foobar and root:foobar
curl -L -O
https://github.com/cockpit-project/bots/raw/main/machine/cloud-init.iso
Boot the image:
qemu-system-x86_64 -cpu host -enable-kvm -nographic -m 2048 -drive
file=kinetic-server-cloudimg-amd64.img,if=virtio -snapshot -cdrom
cloud-init.iso -net nic,model=virtio -net user,hostfwd=tcp::22001-:22
For some reason that doesn't create an "admin" user. So log into VT as
root:foobar and create a user:
adduser test1
Now, inside the VM VT:
root@ubuntu:~# ssh user1@localhost
user1@localhost: Permission denied (publickey).
The same happens when trying to ssh from outside:
❱❱❱ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o
CheckHostIP=no -p 22001 user1@localhost
user1@localhost: Permission denied (publickey).
It does not seem to even *attempt* password auth:
❱❱❱ ssh -vv -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o
CheckHostIP=no -p 22001 user1@localhost 2>&1|grep -i method
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
... like it would to other OSes:
debug1: Next authentication method: keyboard-interactive
Password authentication is enabled by default:
$ grep -i password /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# PasswordAuthentication. Depending on your PAM configuration,
# the setting of "PermitRootLogin without-password".
# PAM authentication, then enable this but set PasswordAuthentication
PasswordAuthentication yes
[1] https://github.com/cockpit-project/bots/pull/3641 and
https://github.com/cockpit-project/cockpit/pull/17582
ProblemType: Bug
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1982482/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
