One User Cannot Log Onto Server Protected by Duo

One user is having repeated failures when trying to log onto a server protected by Duo. The failures are limited to the one user. No one else seems to be having any problems.

I tried in no particular order:

  1. restarting sshd
  2. disabling selinux.
  3. Resetting user password
  4. Setting user password to empty string
  5. Search Engines…

None of it worked. The one user still cannot log in.

There is nothing unsusual I can see in the account and the user only uses the target as a jump host.

Typical entries from sshd.log:

Sep 16 06:24:34 scajump01 sshd[1321830]: pam_duo(sshd:auth): conversation failed
Sep 16 06:24:34 scajump01 sshd[1321830]: Aborted Duo login for 'kbowser' from Error gathering user response
Sep 16 06:24:34 scajump01 sshd[1321830]: Failed password for kbowser from port 52388 ssh2
Sep 16 06:24:38 scajump01 sshd[1321830]: Connection closed by authenticating user kbowser port 52388 [preauth]

ChallengeResponseAuthentication in sshd_config is set to yes.


auth       required
# auth       substack     password-auth
auth       required
auth       sufficient
auth       required
auth       include      postlogin
account    required
account    required
account    include      password-auth
password   include      password-auth
# close should be the[duo]
 first session rule
session    required close
session    required
# open should only be followed by sessions to be executed in the user context
session    required open env_params
session    required
session    optional force revoke
session    optional
session    include      password-auth
session    include      postlogin

/etc/duo/pam_duo.conf (ikey, skey, and host values are bogus)

; Duo integration key

; Duo secret key

; Duo API host
host = ■■■■■■■■■■■■■■■■■■■■■■■■■■■■

failmode = safe

; Send command for Duo Push authentication
pushinfo = yes

Hi there @linixhitman , welcome back to the Community! I noticed the entries from the sshd.log included “Error gathering user response”. Have you tried the other steps in the article “Why might I see “Error gathering user response” when using pam_duo?” Let us know if any of those steps are helpful!