• VMware

    Learn about VMware virtualization for its products like vsphere ESX and ESXi, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • How to fix "Postponed keyboard-interactive for invalid user from port ssh2 [preauth]"

    The other day I was unable to perform a passwordless (passphrase) based authentication for one of my user and for every attempt I was getting the below error

    Postponed keyboard-interactive for invalid user deepak from port 59754 ssh2 [preauth]
    There can be actually multiple reasons for this.
    • The user really does not exist
    • Password is locked for this user (assuming you are unable to login using the password of this user)
    • pam tally is used to deny the login for this user
    • Insufficient privilege for the user to login

    To make sure if the user exists type

    # id deepak
    uid=1002(deepak) gid=100(users) groups=100(users)

    This will give you details like userid of this user and the groups he is a member of.
    In case the user doesn't exists you may get output like below
    # id deepak
    id: deepak: no such user

    Validate your sshd config to make sure there are no user or group based restrictions. For my case this was the real culprit
    In my sshd config file /etc/ssh/sshd_config I use an additional parameter
    AllowGroups work wheel home root test_group
    and the user I was trying to use for performing ssh was not part of any of these groups
    There can also be additional parameter like ALlowUsers

    If you have made recent changes to pam_tally config for sshd then try to rollback and identify the problem.

    To check if the password is locked use the below link to get more information
    How to check the lock status of any user account in Linux

    How to fix "Postponed keyboard-interactive for invalid user from port ssh2 [preauth]" How to fix "Postponed keyboard-interactive for invalid user <username> from <host> port <port_no> ssh2 [preauth]" Reviewed by admin on Saturday, December 16, 2017 Rating: 5

    No comments:

    Powered by Blogger.