Author Topic: Two Factor authentication error with mod_sftp and mod_sftp_pam  (Read 927 times)

Offline unnikpr

  • New user
  • *
  • Posts: 12
    • View Profile
I facing issue with implementing DUO security with proftpd. I have enabled interactive login in the account and the failed with following error,

2018-08-13 23:31:12,828 mod_sftp/1.0.0[30061]: sending acceptable userauth methods: keyboard-interactive,password
2018-08-13 23:31:15,351 mod_sftp/1.0.0[30061]: expecting USER_AUTH_INFO_RESP message, received SSH_MSG_IGNORE (2)
2018-08-13 23:31:16,629 mod_sftp_pam/0.3[30061]: PAM authentication error (7) for user 'john': Authentication failure
2018-08-13 23:31:16,629 mod_sftp/1.0.0[30061]: sending userauth failure; remaining userauth methods: keyboard-interactive,password
2018-08-13 23:31:18,998 mod_sftp/1.0.0[30061]: client at sent SSH_DISCONNECT message: Unable to authenticate (Authentication cancelled by user)

additional log from messages log

Aug 13 23:31:15 localhost proftpd: Aborted Duo login for 'unnikrishnanpr' from Error gathering user response
Aug 13 23:31:16 localhost proftpd[30061]: ([]) - mod_sftp_pam/0.3: PAM authentication error (7) for user 'unnikrishnanpr': Authentication failure

The sshd pam configuration as follows,

[root@localhost proftpd]# cat /etc/pam.d/sshd
auth       required
auth       substack     password-auth

auth  required
auth  sufficient
auth  requisite
#auth  required
# more below modified portion only posting.

for sshd it is working fine. but if i configure the module in proftpd it is causing error.

Configuration file attached as : proftpd_20180813a.conf
Trace log attached as : proftpd-trace.log

Please help me to resolve and any additional information required also i can provide to debug further.



sighted planning