Unable to run Software Update due to "Failed to obtain authentication."

[okynnor]

Explain what happens

1. Login to the main machine running Cockpit on Ubuntu 20.04 .. able to run Software Update
2. Add a new host running Ubuntu 20.04
3. Able to login as Sudoer user but needs administrative privileges --> so enter my admin password
4. go to Software Update, tried to login and fails with "Failed to obtain authentication."
5. Log show: ronny : 3 incorrect password attempts ; TTY=unknown ; PWD=/run/user/1000 ; USER=root ; COMMAND=/usr/bin/cockpit-bridge --privileged

Googling tells me that this is could be a session cooking issue or an issue in the configuration at /usr/share/cockpit/shell/manifest.json.

Bear in mind that if I go to Terminal in Cockpit, I can run sudo apt update && sudo apt upgrade -y in unprivileged mode. It nicer to run the Software Update found in Cockpit though but it needs privilege mode though.

Would like to ask how to solve this issue one and for all, please.

Version of Cockpit

264-1ubuntu0.22.04.1~bpo20.04.1

Where is the problem in Cockpit?

Software updates

Server operating system

Ubuntu

Server operating system version

20.04

What browsers are you using?

Chrome

System log

No response

[martinpitt]

Able to login as Sudoer user but needs administrative privileges --> so enter my admin password

That's with the "Limited access" button in the top navbar or the "Turn on administrative access" button in the overview?

Does that succeed? I suppose this failed. What exactly happens?

System log No response

Well, we really need that to figure out what's wrong. "3 incorrect password attempts" sounds obvious, but I take it you didn't just typo your password :grin:

[okynnor]

@martinpitt, yes, that's correct with regards to Turn on administrative access. I enter the admin password. Yes, I can get Software Update for that particular host - the second host. Then, I go to a third node that's also running Ubuntu 20.04, and this time, I don't get the prompt to "turn on administrative access", in third node, Software update fails with "ronny : 3 incorrect password attempts ; TTY=unknown ; PWD=/run/user/1000 ; USER=root ; COMMAND=/usr/bin/cockpit-bridge --privileged". I suspect that it's the cookie that's remembering the last password from the second host?

Thinking that this could be an issue, I closed off Chrome/Edge, and opened a Private session (InPrivate in Edge/Incognito in Chrome) but the problem still persists.

FYI - I have 6 Ubuntu 20.04 hosts and 1 raspberryPi 3b (32-bit Raspbian) that are all setup and running on Cockpit. Only one machine is what I use as the "main" one that connects to all 5 other hosts.

[martinpitt]

Ah, it wasn't clear to me that this involved a remote host. Indeed the SSH handling has been reworked significantly in a later version. In particular, version 267 stops trying to "opportunistically" get sudo on a remote host, see issue #17169, which still exists in that old version.

So this is a duplicate of #17169, and I'm afraid the only supported (by us) solution is to upgrade to Ubuntu 22.04 LTS.

[okynnor]

Just to confirm that I must upgrade ALL my servers from 20.04LTS to 22.04LTS or just the single server that connects to all the other hosts? Ideally, I'd like to keep most of them on 20.04LTS.

[martinpitt]

@okynnor Just the single server that has cockpit's web server. The ones you connect to can run pretty much anything.

[okynnor]

I have upgraded the main host to Ubuntu 22.04.4 LTS. The problem/issue was partly resolved; meaning that it works on some hosts and doesn't work on other hosts. Recall that the remaining hosts are all running either Ubuntu 20.04LTS or 1 device on Raspberry PI. Out of the 10 devices, only the host and one other seem to work as expected. The rest, I can only login and see the dashboard. This means that the other 8 hosts all I see is what I have attached on the screenshots for reference. The shot a waiting to load circle under Software Updates. Mind you that none of the other menu items work (i.e. Logs, Storage, Networking, Accounts, etc); meaning that the behaviour is the same as the Software Updates menu item.