Hi,
I’m wondering if anyone knows what the issue might be in the following scenario, or if it’s an unsupported scenario. I have a Multipass instance (Ubuntu 20.04) which is configured to use libpam-google-authenticator for SSH. From a pure SSH perspective everything seems to be working as expected, and an MFA token is NOT required for the default ubuntu user. However, multipass services seem to be unable to complete authentication on the instance.
Specifically, I cannot shell, mount, etc. (though I can directly ssh to the instance ip). For clarity, if I ssh ubuntu@[ip] this succeeds without a prompt for a token.
This would appear to be related to the instance’s SSHD AuthenticationMethods setting, which has to be set to publickey,keyboard-interactive for the authenticator module. If I change this to just publickey all Multipass services work again.
I can, of course, override the setting for the ubuntu user…
Match user ubuntu
AuthenticationMethods publickey
…and this does work, but I would rather understand the issue, if I can, before blindly working around it.
Instance logs don’t seem to indicate authentication failures, just partial publickey authentication, then the connection is closed by the authenticating user. Host multipass logs only contain a generic ssh failed to authenticate: '' message.
Any ideas? Is the above “override” the only way to get this working, or is there something else fundamentally flawed in my configuration? My search-engine skills have let me down on this one! As, perhaps, has my surface-level knowledge of Multipass and PAM and SSHD configuration. Any insight would be greatly appreciated.