AUTH_FAIL_PUBKEY(failed in publickey authentication)
04-17-2017 06:20 AM
I'm experiencing some issues where domain users are unable to login using password based authentication, however ssh from another server works fine, only when users are required to enter passowrd it fails. Logs report below error,
reason=AUTH_FAIL_PUBKEY(failed in publickey authentication)
reason=AUTH_FAIL_KBDINT(failed in keyboard interactive authentication.)
Any help on this will be appreciated.
04-17-2017 07:11 AM
Welcome to the Centrify Express forums.
Can you please let us know what's the current version of OpenSSH you're using on the system exhibiting the problem?
What is the version of Centrify Express?
Finally, remember that you don't need to install Centrify-enhanced OpenSSH.
See this thread for a similar exchange: http://community.centrify.com/t5/Centrify-Express/Using-publickey-authentication-for-ssh/td-p/21412
04-17-2017 07:23 AM
below is the output of command s that you requested.
# which sshd
# adinfo -v
adinfo (CentrifyDC 5.2.3-429)
04-17-2017 07:37 AM
Hmm... that's an old version. Perhaps this is not a new issue.
Can you confirm that this is happening only on that system? and that it was working before? (or perhaps this has been an old issue); if it was working, what happened between it worked vs. now?
My advice (because this seems to be a local issue, based on your description) is that you do an SSH trace and find the root of the problem. In addition, the whole idea about using a solution like Centrify for UNIX/Linux is to consolidate the identity sources. If you have users signing-in with their AD credential (username/password or Kerberos SSO) AND with SSH keys, this is a redundancy that causes these types of errors.
To do an SSH trace, do the following:
- In the server exhibiting the issue, run sudo /usr/share/centrifydc/sbin/sshd -ddde -p 2222 to start the SSHD server in the foreground with verbosity turned on.
- From the ssh client, connect to the SSHD server on port 2222,
ssh -p 2222 -vvv <hostname>
- Pay close attention to the session on the server
Most of the time, the issue may be related to the user not typing the password correctly, or simply a configuration issue.
Please note, since you're using Express, the current community supported version is 5.4.x and Centrify-enhanced OpenSSH is an optional component.