Tailscale SSH - Authentication Failure on Manjaro/Arch

Hi,

Trying the new SSH feature between two manjaro/arch hosts I get an “Authentication Failure” after the ssh auth has taken place.

journalctl shows:

Jun 22 23:16:04 thehost tailscaled[2623]: 100.78.255.16:53068->theuser@100.81.41.35:22: starting session: 20220622T221603-4880af8916
Jun 22 23:16:04 thehost tailscaled[2623]: ssh-session(20220622T221603-4880af8916): handling new SSH connection from theuser@gmail.com (100.78.255.16) to ssh-user "theuser"
Jun 22 23:16:04 thehost tailscaled[2623]: ssh-session(20220622T221603-4880af8916): access granted to theuser@gmail.com as ssh-user "theuser"
Jun 22 23:16:04 thehost tailscaled[2623]: ssh-session(20220622T221603-4880af8916): starting pty command: [/usr/bin/tailscaled be-child ssh --uid=1000 --gid=1000 --groups=1000,998,995,993,991,988,987,986,3,90,9>
Jun 22 23:16:04 thehost login[3240032]: pam_warn(remote:account): function=[pam_sm_acct_mgmt] flags=0 service=[remote] terminal=[/dev/pts/30] user=[theuser] ruser=[<unknown>] rhost=[100.78.255.16]
Jun 22 23:16:04 thehost login[3240032]: Authentication failure

Might be a PAM issue? Any ideas?

Thanks,
Patrik

2 Likes

Just seconding that this is an issue for me as well, on Arch ARM.

I didn’t do anything particularly custom to this distro so I assume there is something about the defaults with Arch that are causing this.

2 Likes

+1 - Vanilla Arch Linux install on x86

Jun 23 19:39:12 shar tailscaled[6260]: ssh-session(20220624T003912-8aa46dffb2): access granted to CodeMichael@github as ssh-user "root"
Jun 23 19:39:12 shar tailscaled[6260]: ssh-session(20220624T003912-8aa46dffb2): starting pty command: [/usr/bin/tailscaled be-child ssh --uid=0 --gid=0 --groups=0 --local-user=root --remote-user=CodeMichael@github --remote-ip=100.74.141.2 --has-tty=true --tty-name=pts/12 --shell --login-cmd=/usr/bin/login --cmd=/usr/bin/zsh -- -l]
Jun 23 19:39:12 shar login[764931]: pam_warn(remote:account): function=[pam_sm_acct_mgmt] flags=0 service=[remote] terminal=[/dev/pts/12] user=[root] ruser=[<unknown>] rhost=[100.74.141.2]
Jun 23 19:39:12 shar login[764931]: Authentication failure
Jun 23 19:39:15 shar tailscaled[6260]: ssh-session(20220624T003912-8aa46dffb2): Wait: code=1

I had done some custom PAM work, to enable LDAP via SSSD, which I’ve reverted but still same error.

2 Likes

Solution from "Authentication Failure" when running SSHing into an Arch/Manjaro box · Issue #4924 · tailscale/tailscale · GitHub

sudo cp /etc/pam.d/login /etc/pam.d/remote

Awesome - many thanks! I see a workaround has also been merged and should be inclueed in the next point release.