How to fix "Postponed keyboard-interactive for invalid user from port ssh2 [preauth]"

The other day I was unable to perform a passwordless (passphrase) based authentication for one of my user and for every attempt I was getting the below error

Error:
Postponed keyboard-interactive for invalid user deepak from 192.169.32.11 port 59754 ssh2 [preauth]
Solution:
There can be actually multiple reasons for this.

  • The user really does not exist
  • Password is locked for this user (assuming you are unable to login using the password of this user)
  • pam tally is used to deny the login for this user
  • Insufficient privilege for the user to login

To make sure if the user exists type

# id deepak
uid=1002(deepak) gid=100(users) groups=100(users)
This will give you details like userid of this user and the groups he is a member of.
In case the user doesn't exists you may get output like below
# id deepak
id: deepak: no such user
Validate your sshd config to make sure there are no user or group based restrictions. For my case this was the real culprit
In my sshd config file /etc/ssh/sshd_config I use an additional parameter
AllowGroups work wheel home root test_group
and the user I was trying to use for performing ssh was not part of any of these groups
There can also be additional parameter like ALlowUsers

If you have made recent changes to pam_tally config for sshd then try to rollback and identify the problem.

To check if the password is locked use the below link to get more information
How to check the lock status of any user account in Linux

Leave a Comment