Score:4

Ubuntu 22.10 not allowing SSH with a password (worked in Ubuntu 22.04)

cn flag

Normally I connect to our Ubuntu servers with ssh using a shared key. That works.

Occasionally I will change the /etc/ssh/sshd_config and set "PasswordAuthentication yes" to allow someone to connect using a password. If they connect without the -i option specifying a key, it will prompt them for a password

This behavior seems to have changed in the latest Ubuntu 22.10

Even with PasswordAuthentication yes in the sshd_config, attempting to ssh without a key, gives the error " Permission denied (publickey). " without ever prompting for a password

I have Ubuntu servers going back to 18 and this behavior is new.

I compared the sshd_config files between 22.04 servers (which prompt for a password) and the 22.10 servers (which don't) and all the options are configured the exact same

Any ideas what I am missing ?

Thanks

Score:2
sl flag

I stumbled on the same issue today. All documentation indicates to include PasswordAuthentication yes within /etc/ssh/sshd_config . on further investigation I noticed there's an include config option enabled. Include /etc/ssh/sshd_config.d/*.conf

Here's the path you are looking for....

Option 1: Disable the inheritance within /etc/ssh/sshd_config # Include /etc/ssh/sshd_config.d/*.conf and set PasswordAuthentication yes

Option 2: cd /etc/ssh/sshd_config.d
ls look for entries containing PasswordAuthentication no (this overrides any configuration entered in /etc/ssh/sshd_config) and set the value to yes. PasswordAuthentication no
I hope this helps.

Score:0
id flag

You're framing this as an OS thing but the way I understand it Ubuntu itself has nothing to do with SSH, that would be handled by SSHD depending on what ssh daemon is running (I'm assuming OpenSSH Server, since that's typically what comes with Ubuntu).

From the looks of it there is a new version of OpenSSH Server released last month(version 9.1 - Oct 4, 2022) whereas 9.0 was released Apr 8, 2022. I'm not sure what the default that's packaged in Ubuntu 22.04 vs 22.10 is.

A quick scan through the release notes didn't reveal anything that seemed to be of particular interest for your situation, it does seem to be a minor release, but I'm not sure how long you've been having this problem either.

Probably just check the SSHD version (ssh -V) on the machine that's giving the issue against what you were using before, and if it's different you can revert and see if that solves the problem or not. If it does, you'll probably have to dig deeper into the OpenSSH docs to pinpoint the actual root cause.

If I'm wrong and it actually is a Ubuntu thing, maybe the guys at Ask Ubuntu would know better.

user69374 avatar
cn flag
You're right of course. It turned out to be how digital ocean changed how it populates the sshd_config file. The settings you need are: PasswordAuthentication yes ChallengeResponseAuthentication yes KbdInteractiveAuthentication no
A. Trevelyan avatar
id flag
Ah cool, good to know.
Firze avatar
br flag
Yes DigitalOcean has done something indeed. I just spent hours figuring out what could possibly cause this as I was setting up new servers on DigitalOcean with a script and authentication just wasn't working and I had no idea why. It ended up being that I had to add "ChallengeResponseAuthentication yes" to sshd_config. Haven't needed it before.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.