Closed andiariffin closed 1 month ago
I managed to solve the issue, actually it is due to sshd
configuration. Changing the ChallengeResponseAuthentication
value from no
to yes
in /etc/ssh/sshd_config.d/50-redhat.conf
solved the issue.
Ah, sorry. I should have noted this in the wiki perhaps. The default in openSUSE works, but the sshd config does need to be modified on some distros.
Description
I am experiencing an issue when attempting to use SSH with Himmelblau. The following error message is displayed:
Steps to Reproduce
localhost
):ssh andi@mycompanydomain.com@localhost
andi@mycompanydomain.com@localhost's password:
Permission denied, please try again.
Expected Behavior
Once the correct password is entered, the login process is followed by entering the MFA token. Once the correct token is entered, users can log into the server using their Entra ID account.
Actual Behavior
The SSH attempt fails after entering the correct password, and the error message
[error]: GeneralFailure("InvalidClientRequest")
is displayed.Additional Context
OS: RHEL 9.4 (Plow) Himmelblau version: main (latest commit: https://github.com/himmelblau-idm/himmelblau/commit/363a31a1ea36feade281c9ba198f13501e80cff9)
PAM configuration:
Himmelblau configuration (
himmelblau.conf
):Himmelblau daemon is started using the following command:
Running the
auth-test
is successful:Running
getent
command also return a result:If you need the full
himmelblaud
debug log, please let me know. Thank you for looking into this issue.