I have an openvpn connection to my work network that I use to SSH into my work machine from home. I have this setup using ubuntu's network-manager gui. The authentication into the openvpn network uses a mix 3 things:
- the standard VPN crt+key
- a fixed key password (filled in the "User Key Password" section of the gui)
- and a password prompt from the router that is concatenation of "fixed string" and OTP via Google Auth, that I fill in each time I initiate the vpn connection
All this works (although due to the old router it gets reset once per 24 hours, but that's a different issue that I'll leave to our IT guy), however, when I have an SSH connection to a work machine in the terminal, every minute or so I see messages saying that I need to re-enter the password (even though I don't need to).
Broadcast message from root@XC3 (Fri 2020-05-08 10:41:33 MDT):
Password entry required for 'Enter Auth Password:' (PID 28160).
Please enter password with the systemd-tty-ask-password-agent tool!
Broadcast message from root@XC3 (Fri 2020-05-08 10:43:08 MDT):
Password entry required for 'Enter Auth Username:' (PID 28178).
Please enter password with the systemd-tty-ask-password-agent tool!
Broadcast message from root@XC3 (Fri 2020-05-08 10:44:38 MDT):
Password entry required for 'Enter Auth Password:' (PID 28196).
Please enter password with the systemd-tty-ask-password-agent tool!
Broadcast message from root@XC3 (Fri 2020-05-08 10:46:13 MDT):
Password entry required for 'Enter Auth Username:' (PID 28207).
Please enter password with the systemd-tty-ask-password-agent tool!
Broadcast message from root@XC3 (Fri 2020-05-08 10:47:44 MDT):
Password entry required for 'Enter Auth Password:' (PID 28209).
Please enter password with the systemd-tty-ask-password-agent tool!
I have two questions:
- What/why is this happening? The connection still works without me needing to re-enter the password, so it's a best just annoying
- How do I fix it or stop it from spamming my SSH sessions?
Some information about the VPN connection gui in Network Manager:
- Gateway is set to two IPs
- Authentication type is "Password with Certificates (TLS)"
- "User name" is filled out
- "Password" is empty since it changes
- "CA certification"/"User certificate"/"User private key" are all set to local files
- "User key password" is set
- "Use custom renegotiation interval" is set to "0"
- "Data compression" is "LZO adaptive legacy"
- "Use TCP Connection" is set
- "Set virtual device" is TUN
- "Verify peer (server) certificate usage signature" is set to "Server"
- Everything else is either unset, or default
Please let me know if there's more information I can provide
Best Answer
I think I've found the answer: I think I had left over configurations that I'd manually configured with config files (I created these before our IT admin added the OTP).
So, I "solved" this issue by doing :
systemctl disable openvpn@confignameand also removing the related/etc/openvpn/myconf.conffiles.