PAM: Error in service module for <username> from <ip>

[jkaberg]

Getting the error in title when I try to authenticate, any ideas as to why?

Docker-compose

bastion:
  image: cloudposse/bastion
  restart: unless-stopped
  hostname: <redacted>
  volumes:
    - /home:/home
    - /etc/passwd:/etc/passwd:ro
    - /etc/shadow:/etc/shadow:ro
    - /etc/group:/etc/group:ro
    - ${STORAGE_DIR}/bastion/ssh:/etc/ssh
  environment:
    - DUO_IKEY=<redacted>
    - DUO_SKEY=<redacted>
    - DUO_HOST=<redacted>
  networks:
    - dmz

Logs

bastion_1          | Initializing duo
bastion_1          | - Enabling DUO MFA
bastion_1          | Initializing enforcer
bastion_1          | - Enabling Enforcer
bastion_1          | - Enabling Clean Home
bastion_1          | Initializing google-authenticator
bastion_1          | Initializing hostname
bastion_1          | Initializing rate-limit
bastion_1          | - Enabling Rate Limits
bastion_1          | - Users will be locked for 300s after 5 failed logins
bastion_1          | - Fail delay of 3000000 micro-seconds
bastion_1          | Initializing secure-proc
bastion_1          | - Locking down /proc
bastion_1          | Initializing slack
bastion_1          | Initializing ssh-audit
bastion_1          | - Disabling SSH Audit Logs
bastion_1          | Initializing ssh-authorized-keys-command
bastion_1          | Initializing ssh-host-key
bastion_1          | Server listening on :: port 22.
bastion_1          | Server listening on 0.0.0.0 port 22.
bastion_1          | PAM: Error in service module for <username> from <ip>
bastion_1          | Connection closed by authenticating user <username> <ip> port 37642 [preauth]

The test user exists within Duo with corresponding username

[jkaberg]

The bastion container didnt have internet access 😄