Unable to authorize the client and cannot set a passphrase workaround

Hey All,

We recently updated Multipass to version 1.9 and with it, there is now a way to authorize clients to connect to the Multipass service for better security and allow users not part of an admin group to use the multipass client.

We tried to put in logic to make it seamless for previous installs that upgrade to 1.9 without needing any intervention, but this seems to not be the case as evidenced by this, this, and this.

If you stumble here trying to find a solution, first, apologies for your troubles, and second, this post should hopefully help you fix the issue and be able to continue to use Multipass. I’ve been looking at the code over and over and have yet to figure out what is triggering this issue…

How to recover on Linux

$ sudo snap stop multipass
$ sudo killall multipass.gui
$ sudo rm /var/snap/multipass/common/data/multipassd/authenticated-certs/multipass_client_certs.pem
$ sudo cp ~/snap/multipass/current/data/multipass-client-certificate/multipass_cert.pem /var/snap/multipass/common/data/multipassd/authenticated-certs/multipass_client_certs.pem
$ sudo snap start multipass

How to recover on macOS

$ sudo launchctl unload /Library/LaunchDaemons/com.canonical.multipassd.plist
$ sudo killall Multipass
$ sudo rm /var/root/Library/Application\ Support/multipassd/authenticated-certs/multipass_client_certs.pem
$ sudo cp ~/Library/Application\ Support/multipass-client-certificate/multipass_cert.pem /var/root/Library/Application\ Support/multipassd/authenticated-certs/multipass_client_certs.pem
$ sudo launchctl load /Library/LaunchDaemons/com.canonical.multipassd.plist

After the above steps for either platform, the multipass client running under your current user should connect without any authorization errors.

Again, apologies for the troubles and hopefully Multipass is working for you again! Thanks for using Multipass!

3 Likes
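A check that can be run before and after the recovery steps in the post above, added here as an example (it is not part of the original post and not Multipass code): it reports whether your client certificate is among the certificates in the daemon's multipass_client_certs.pem. The function names and the script name are made up for this example, and the comparison is textual on the PEM bodies; it does not validate the certificates.

```shell
#!/bin/sh
# Added example, not Multipass code: is a client certificate present in the
# daemon's trusted file (multipass_client_certs.pem)?

# Print one line per certificate in PEM file $1: its base64 body with line
# breaks and whitespace removed, so certificates can be compared as strings.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# Number of certificates the daemon's file currently holds.
trusted_count() {
    pem_bodies "$1" | wc -l | tr -d ' '
}

# 0: first certificate in $1 is in bundle $2; 1: it is not;
# 2: a file is unreadable or $1 holds no certificate.
cert_is_trusted() {
    client=$1
    bundle=$2
    [ -r "$client" ] && [ -r "$bundle" ] || return 2
    want=$(pem_bodies "$client" | head -n 1)
    [ -n "$want" ] || return 2
    pem_bodies "$bundle" | grep -Fxq -- "$want"
}

# Usage: sudo sh check-cert.sh CLIENT_CERT TRUSTED_BUNDLE
# (check-cert.sh is a hypothetical name; use the paths given in the post)
if [ "$#" -eq 2 ]; then
    cert_is_trusted "$1" "$2"
    case $? in
        0) echo "trusted: client cert is one of $(trusted_count "$2") in the bundle" ;;
        1) echo "NOT trusted: client cert is missing from the bundle" ;;
        *) echo "error: cannot read a certificate from one of the files" >&2 ;;
    esac
fi
```

After the recovery steps the bundle holds exactly the one certificate that was copied in, so a count of 1 is expected. A higher count means other client certificates are in the file as well.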

I have implemented the recommendation on my Mac but the solution doesn’t work for me:

user@iMac ~ % multipass list
list failed: The client is not authenticated with the Multipass service.
Please use 'multipass authenticate' before proceeding.

I attempted this on macOS Monterey a few times, and after about the 3rd try, and restarting the mac each time, it eventually worked.

There’s also an error on the second command, there is a . at the end of the pem file.

1 Like

Hey @jonathanbossenger,

Thanks for pointing out the typo. I just fixed it 🙂

2 Likes

No problem @townsend, glad I could help in some small way.

Hello,

The workaround is not working for me on Ubuntu 22.04. Still the same error.

Best regards,
Daniel

Hello @daniellenz,

Sorry for your troubles. Is the Multipass tray icon client still running when you do the steps outlined above? If so, quit that and then do those steps and see if that helps.

Thanks!

@townsend I hope you don’t mind me asking this here.

I am on macOS, I have a shell script that I run with sudo, which provisions a local working directory, and some other OS-level things (hence requiring sudo) and then runs multipass exec to do further provisioning/setup on the multipass instance.

At the point of running multipass exec I get the “client is not authenticated with the Multipass service” error. However, I can run the command as a normal user from the macOS terminal. This seems to be related to the upgrade, as I didn’t have this problem before.

This makes me think I need to also allow the root user on the mac to also be authorized to connect to the multipass service.

Do you know if there is an additional place on a Mac that the multipass_client_certs.pem needs to be copied to, in order to fix this for the root user?

Thanks in advance.

Hi @jonathanbossenger!

What you need to do is with your normal user that is authenticated, run:
$ multipass set local.passphrase
and set the passphrase.

Then with the sudo user, run:
$ multipass authenticate
and enter the passphrase you just set.

I know, it seems counterintuitive that the sudo user needs to authenticate, but the Multipass daemon has no concept of user privileges, so it only trusts the first client that had permission to connect to the Multipass socket and after that, all other users’ clients need to authenticate regardless of privileges.

Thanks!

1 Like

I’m using multipass in Windows 11 using hyper-v. I set the env var MULTIPASS_STORAGE=d:\dev\vm\multipass thinking that the vhd files could be saved in that location.
It instead messed up multipass. Authentication error, blah blah blah. Every command didn’t work due to authentication error.
Spent 2 days googling, re-installing multiple times. Finally, I decided to take a video of the installation process and saw that multipass was trying to authenticate with hyper-v and it was looking to my d drive for cert file and it was empty. So I removed the env var that I put in 2 days ago, which I forgot I did. Re-installed and everything’s working now.

I’m posting this hoping it will help someone save time.

Sorry, my English is not very good, so I used translation software.

I have found two solutions to this problem on the Windows family. They should apply to both Windows and Windows Server; I have only verified them on Windows Server 2022. They are explained below.

Problem description

After installing Multipass on Windows, I changed Multipass's external data storage location by following "configuring an external data storage location", and this error occurred.

  • When I performed any operation, multipass asked me to authorize
  • When I tried to authorize, multipass told me that no authorization key had been set
  • When I tried to set the authorization key, multipass asked me to authorize

This put me in an infinite loop, and I could not use multipass normally.

Description of the two solutions

  • If you are unwilling or unable to reinstall Multipass, please refer to the first solution
  • If you can reinstall Multipass, please refer to the second solution
  • Of course, I recommend that you look at both solutions so that you can quickly solve this problem next time

The first solution

After installation, Multipass automatically creates the C:\ProgramData\Multipass directory, which holds some files involved in authentication. When I changed the external data storage location of Multipass, Multipass did not completely copy or recreate these files, so Multipass could not complete the authentication process.
I manually copied the C:\ProgramData\Multipass\data\authenticated-certs directory to the data directory of the modified external data storage location, and the problem was solved. Multipass no longer asks me for my key.

The second solution

I uninstalled the old Multipass, set the external data storage location again, and then reinstalled Multipass. The problem was solved. Multipass no longer asks me for my key.
Looking at the external data storage location, I found that the authenticated-certs directory had been created automatically.