Connection failure with ssh and keyboard-interactive

[davidneunhoeffer]

Please answer the questions below, it helps us to track the issue.

1. Which driver are you using and version of it (Ex: PostgreSQL 10.0): 10.5.15-MariaDB-0+deb11u1

2. Which TablePlus build number are you using (the number on the welcome screen, Ex: build 81): 4.10.2 (202) - x64

3. The steps to reproduce this issue: I'm currently working with Win10 and i want to connect to a Linux Debian 11 over ssh and keyboard-interactive. I configured the ssh pam that common-auth is disabled so you have to use ssh-keys.

3.1 Install the Google Authenticator PAM Module

apt update -y && apt install libpam-google-authenticator -y

3.2 Generate Your 2FA Code

google-authenticator -t -f -d -w 3 -e 10 -r 3 -R 30

3.3 Edit your SSH PAM configuration file

nano /etc/pam.d/sshd

3.3.1 Add the following line to the bottom of the file

auth required pam_google_authenticator.so nullok

3.3.2 Disable user password authentication. Comment out the following line by adding # to the beginning

# @include common-auth

3.4 Edit the SSH daemon configuration file

nano /etc/ssh/sshd_config

3.4.1 Find the line for ChallengeResponseAuthentication and set its value to yes

ChallengeResponseAuthentication yes

3.4.2 Verify the following options are set as shown, or add them if they don't exist

PasswordAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey,keyboard-interactive

3.5 Restart the SSH services

systemctl restart ssh sshd

TablePlus ssh-log

[11:58:46.510026] ssh_connect: libssh 0.9.2 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_winlock
[11:58:46.510026] getai: host thats.not.my.ip matches an IP address
[11:58:46.510026] ssh_socket_connect: Nonblocking connection socket: 3364
[11:58:46.510026] ssh_connect: Socket connecting, now waiting for the callbacks to work
[11:58:46.510026] ssh_connect: Actual timeout : 120000
[11:58:46.522562] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLOUT ), out buffer 0
[11:58:46.522562] ssh_socket_pollcallback: Received POLLOUT in connecting state
[11:58:46.522562] socket_callback_connected: Socket connection callback: 1 (0)
[11:58:46.522562] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[11:58:46.522562] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLOUT ), out buffer 0
[11:58:46.538229] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLIN ), out buffer 0
[11:58:46.538229] callback_receive_banner: Received banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
[11:58:46.538229] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
[11:58:46.538229] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
[11:58:46.538229] ssh_analyze_banner: We are talking to an OpenSSH client version: 8.4 (80400)
[11:58:46.624373] ssh_client_select_hostkeys: Order of wanted host keys: "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
[11:58:46.625119] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
[11:58:46.625119] ssh_client_select_hostkeys: No key found in known_hosts; changing host key method to "ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss"
[11:58:46.625119] ssh_list_kex: kex algos: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
[11:58:46.625119] ssh_list_kex: server host key algo: ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
[11:58:46.625119] ssh_list_kex: encryption client->server: [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
[11:58:46.625119] ssh_list_kex: encryption server->client: [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
[11:58:46.625119] ssh_list_kex: mac algo client->server: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[11:58:46.625119] ssh_list_kex: mac algo server->client: [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[11:58:46.625119] ssh_list_kex: compression algo client->server: none
[11:58:46.625119] ssh_list_kex: compression algo server->client: none
[11:58:46.625119] ssh_list_kex: languages client->server: 
[11:58:46.625119] ssh_list_kex: languages server->client: 
[11:58:46.625119] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[11:58:46.625119] packet_send2: packet: wrote [type=20, len=972, padding_size=10, comp=961, payload=961]
[11:58:46.625119] ssh_send_kex: SSH_MSG_KEXINIT sent
[11:58:46.625119] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLIN POLLOUT ), out buffer 0
[11:58:46.625119] ssh_packet_socket_callback: packet: read type 20 [len=1052,padding=10,comp=1041,payload=1041]
[11:58:46.625119] ssh_packet_process: Dispatching handler for packet type 20
[11:58:46.625119] ssh_list_kex: kex algos: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
[11:58:46.625119] ssh_list_kex: server host key algo: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
[11:58:46.625119] ssh_list_kex: encryption client->server: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
[11:58:46.625119] ssh_list_kex: encryption server->client: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
[11:58:46.625119] ssh_list_kex: mac algo client->server: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[11:58:46.625119] ssh_list_kex: mac algo server->client: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
[11:58:46.625119] ssh_list_kex: compression algo client->server: none,[email protected]
[11:58:46.625119] ssh_list_kex: compression algo server->client: none,[email protected]
[11:58:46.625119] ssh_list_kex: languages client->server: 
[11:58:46.625119] ssh_list_kex: languages server->client: 
[11:58:46.625119] ssh_kex_select_methods: Negotiated curve25519-sha256,ssh-ed25519,[email protected],[email protected],[email protected],[email protected],none,none,,
[11:58:46.626118] packet_send2: packet: wrote [type=30, len=44, padding_size=6, comp=37, payload=37]
[11:58:46.626118] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[11:58:46.626118] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLOUT ), out buffer 0
[11:58:46.626118] ssh_socket_pollcallback: sending control flow event
[11:58:46.626118] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[11:58:46.648470] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLIN ), out buffer 0
[11:58:46.648470] ssh_packet_socket_callback: packet: read type 31 [len=188,padding=8,comp=179,payload=179]
[11:58:46.648470] ssh_packet_process: Dispatching handler for packet type 31
[11:58:46.648470] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[11:58:46.648470] packet_send2: packet: wrote [type=21, len=12, padding_size=10, comp=1, payload=1]
[11:58:46.648470] ssh_packet_set_newkeys: called, direction = OUT 
[11:58:46.648470] crypt_set_algorithms2: Set output algorithm to [email protected]
[11:58:46.648470] crypt_set_algorithms2: Set HMAC output algorithm to aead-gcm
[11:58:46.648470] crypt_set_algorithms2: Set input algorithm to [email protected]
[11:58:46.648470] crypt_set_algorithms2: Set HMAC input algorithm to aead-gcm
[11:58:46.648470] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[11:58:46.648470] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[11:58:46.648470] ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
[11:58:46.648470] ssh_packet_socket_callback: Processing 292 bytes left in socket buffer
[11:58:46.648470] ssh_packet_socket_callback: packet: read type 21 [len=12,padding=10,comp=1,payload=1]
[11:58:46.648470] ssh_packet_process: Dispatching handler for packet type 21
[11:58:46.648470] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[11:58:46.648470] ssh_pki_signature_verify: Going to verify a ssh-ed25519 type signature
[11:58:46.648470] ssh_packet_newkeys: Signature verified and valid
[11:58:46.648470] ssh_packet_set_newkeys: called, direction = IN 
[11:58:46.648470] ssh_packet_socket_callback: Processing 276 bytes left in socket buffer
[11:58:46.648470] ssh_packet_socket_callback: packet: read type 7 [len=256,padding=8,comp=247,payload=247]
[11:58:46.648470] ssh_packet_process: Dispatching handler for packet type 7
[11:58:46.648470] ssh_packet_ext_info: Received SSH_MSG_EXT_INFO
[11:58:46.648470] ssh_packet_ext_info: Follows 1 extensions
[11:58:46.648470] ssh_packet_ext_info: Extension: server-sig-algs=<ssh-ed25519,[email protected],ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected]>
[11:58:46.648470] ssh_connect: current state : 7
[11:58:46.648470] ssh_pki_import_privkey_base64: Trying to decode privkey passphrase=true
[11:58:46.648470] ssh_pki_openssh_import: Opening OpenSSH private key: ciphername: none, kdf: none, nkeys: 1
[11:58:46.648470] ssh_key_algorithm_allowed: Checking ssh-ed25519 with list <[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
[11:58:46.648470] packet_send2: packet: wrote [type=5, len=32, padding_size=14, comp=17, payload=17]
[11:58:46.648470] ssh_service_request: Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
[11:58:46.648470] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLOUT ), out buffer 52
[11:58:46.648470] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[11:58:46.648470] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLOUT ), out buffer 0
[11:58:46.648470] ssh_socket_pollcallback: sending control flow event
[11:58:46.648470] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[11:58:46.664207] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLIN ), out buffer 0
[11:58:46.664207] ssh_packet_socket_callback: packet: read type 6 [len=32,padding=14,comp=17,payload=17]
[11:58:46.664207] ssh_packet_process: Dispatching handler for packet type 6
[11:58:46.664207] ssh_packet_service_accept: Received SSH_MSG_SERVICE_ACCEPT
[11:58:46.664207] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[11:58:46.664207] packet_send2: packet: wrote [type=50, len=208, padding_size=9, comp=198, payload=198]
[11:58:46.664207] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLOUT ), out buffer 0
[11:58:46.664207] ssh_socket_pollcallback: sending control flow event
[11:58:46.664207] ssh_packet_socket_controlflow_callback: sending channel_write_wontblock callback
[11:58:46.694977] ssh_socket_pollcallback: Poll callback on socket 3364 (POLLIN ), out buffer 0
[11:58:46.694977] ssh_packet_socket_callback: packet: read type 51 [len=32,padding=5,comp=26,payload=26]
[11:58:46.694977] ssh_packet_process: Dispatching handler for packet type 51
[11:58:46.694977] ssh_packet_userauth_failure: Partial success for 'publickey'. Authentication that can continue: keyboard-interactive

TablePlus Error

Notes:

• On windows everything works fine if 2fa is disabled.
• tested it with an macbook and everything worked (but thats not the solution, i need it for windows)