Comments (14)
So I had this exact same issue on a Scaleway box. The solution turned out to be updating the /etc/ssh/sshd_config
to set PermitRootLogin yes
. The default value for Scaleway boxes at the time was PermitRootLogin without-password
.
from google-authenticator.
Comment #1 originally posted by afrazkhan on 2011-02-23T16:25:44.000Z:
Hmm, pretty sure it's a time related issue now. My phone's time was ahead by about 2 minutes.
The odd thing is that it didn't start working immediately after resetting the time. I re-imported the accounts I was testing several times, and something like half an hour later, it started working on all machines!
from google-authenticator.
Comment #2 originally posted by afrazkhan on 2011-02-23T16:28:24.000Z:
Hmm, this could be a time sync related issue. My phone's time was ahead by about 2 minutes. Not deleting the issue since I'm not convinced there isn't a bug here somewhere.
The odd thing is that it didn't start working immediately after resetting the time. I re-imported the accounts I was testing several times, and something like half an hour later, it started working on all machines!
from google-authenticator.
Comment #3 originally posted by robert.olejnik on 2011-02-26T19:06:41.000Z:
I have the same problem, but the time is correct (same values on my server and phone).
from google-authenticator.
Comment #4 originally posted by lionel.benson on 2011-02-26T21:07:17.000Z:
I also now having the same problem. Worked for about two days but now I have tried on three different machines but get the "Invalid verification code". I have ensured my machines are in "time sync" with my phone to the last second.
from google-authenticator.
Comment #5 originally posted by zodiac on 2011-02-27T03:21:00.000Z:
The application uses time since the beginning of the epoch (i.e. midnight, January 1st, 1970). Epoch's are defined as UTC. So, this should always be independent of timezones.
But yes, time skew can very well be a problem. You only have a window of about +/- 45 seconds to log in. If the phone and your computer don't agree on time, this won't work. I am working on a change that will allow you to specify a bigger window.
If you keep seeing this problem after ruling out misconfigured time, it would help to collect as much data as possible.
At the very least, it would help if you included exact time stamps as shown both by your server (use "date -u") and your phone. Also, include the code that you tried entering, and the contents of your configuration file.
If you file uneasy about publishing the configuration file in a public forum, feel free to regenerate it afterwards. If you do that, then please also let us know whether regenerating a new key fixes your problem.
from google-authenticator.
Comment #6 originally posted by lionel.benson on 2011-03-03T17:24:23.000Z:
Today I solved my "Invalid verification code" problem. I am definitely not that savvy on tech issues but this is what I did.
- I tested again to see if I would get the invalid code warning - which I did.
- I went to accounts on my desktop: [account settings>2-step verification>How to receive codes>Mobile application] and removed my android phone.
- I un-installed the authenticator from my android phone (not sure if this is necessary both did it anyway).
- I re-installed the authenticator.
- I added back by android phone and went through the steps to turn it back on.
I tried it now a few times and it works! No more invalid codes.
Hope this helps others.
Looking back now, the only thing I can remember is that I once used the authenticator on a machine that the time was off. Even after correcting the time it never worked again on any of my machines. Only after the above steps has it now started to work. Maybe something got thrown off and could not be reset - I leave that for the tech gurus.
Also, after performing the above steps, it did not reset my pass codes for my other apps and all paper back up codes are the same(which is nice).
I'm happy now :)
from google-authenticator.
Comment #7 originally posted by [email protected] on 2011-03-09T19:53:12.000Z:
I am closing this bug report for now, as it sounds that the problem went away.
If the problem re-surfaces, please re-open this bug report and try to collect additional debug data so that I can attempt to reproduce it. Don't hesitate to ask for advice, if you need help in collecting the data.
from google-authenticator.
Comment #8 originally posted by ilia.fischer on 2011-04-14T02:47:39.000Z:
The problem is reproducible when Automatic time update ("Use network provided values") is off. When switching it back to ON the codes are valid.
Login to GMail.
HTC Magic.
Rogers Wireless.
from google-authenticator.
@jameshhx really? auth log said "Invalid verification code"?
from google-authenticator.
I had this issue, and the solution was to enable the systemd-timesyncd.service
service to fix my system time.
from google-authenticator.
the same here, pam keep reports that error
Dec 19 16:46:16 ip-172-16-100-124 openvpn(pam_google_authenticator)[8922]: Invalid verification code
using this configuration on etc/pam.d/openvpn
account required pam_unix.so
account required pam_permit.so
auth requisite pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} user=gauth forward_pass
auth required pam_unix.so use_first_pass
and openvpn server
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
on client auth-user-pass
info about package version
yum info google-authenticator
Loaded plugins: priorities, update-motd, upgrade-helper
Installed Packages
Name : google-authenticator
Arch : x86_64
Version : 1.0
Release : 1.2.amzn1
Size : 63 k
Repo : installed
From repo : amzn-main
Summary : One-time passcode support using open standards
URL : http://code.google.com/p/google-authenticator/
License : ASL 2.0
Description : The Google Authenticator package contains a pluggable authentication
: module (PAM) which allows login using one-time passcodes conforming to
: the open standards developed by the Initiative for Open Authentication
: (OATH) (which is unrelated to OAuth).
:
: Passcode generators are available (separately) for several mobile
: platforms.
:
: These implementations support the HMAC-Based One-time Password (HOTP)
: algorithm specified in RFC 4226 and the Time-based One-time Password
: (TOTP) algorithm currently in draft.
Available Packages
Name : google-authenticator
Arch : i686
Version : 1.0
Release : 1.2.amzn1
Size : 31 k
Repo : amzn-main/latest
Summary : One-time passcode support using open standards
URL : http://code.google.com/p/google-authenticator/
License : ASL 2.0
Description : The Google Authenticator package contains a pluggable authentication
: module (PAM) which allows login using one-time passcodes conforming to
: the open standards developed by the Initiative for Open Authentication
: (OATH) (which is unrelated to OAuth).
:
: Passcode generators are available (separately) for several mobile
: platforms.
:
: These implementations support the HMAC-Based One-time Password (HOTP)
: algorithm specified in RFC 4226 and the Time-based One-time Password
: (TOTP) algorithm currently in draft.
from google-authenticator.
Folks,
Check if SELINUX is enforced !. Disabling the SELINUX should solve it. If disabling is not an option for you, this can be still sorted out by creating some SELINUX policies , so that sshd process has proper privileges to work with the google authenticator. Below are the steps.
- make sure to have selinux policy devel installed.
- create alias for the make file ; alias semake='make -f /usr/share/selinux/devel/Makefile'
- create a directory of your choice , and within the directory create a file ending with .te; name it on your choice.
- create the selinux policies (have the below content added to the .te file that has been created in the above step)
#give the module name you wish, it is good practice to have it named
similar to the policy file name
module sshd_ga_custom 1.0;
require {
type admin_home_t;
type sshd_t;
type user_home_dir_t;
class file { create getattr open read rename setattr unlink write };
}
#============= sshd_t ==============
allow sshd_t admin_home_t:file { create getattr open read rename setattr unlink write };
allow sshd_t user_home_dir_t:file { create open read rename setattr unlink write };
5. save the file.
6. compile the file by tying semake.
7.if it successfully compiles, you should see a file generated with extension .pp.
8. install the policy to selinux
semodule -i sshd_ga_custom.pp
9. restart the sshd service.
10. Boom ! you should be ON. hope it helps !
from google-authenticator.
@AkshayaAnil i moved the vpn to ubuntu, it worked smoothly 😄
from google-authenticator.
Related Issues (20)
- Does not comply with RFC 6238 HOT 2
- Entering a provided key: '8' or '9' characters are invalid HOT 3
- Crap HOT 1
- Consider IANA registration of URI Scheme for otpauth? HOT 3
- Recent Update broke usage in Vysor HOT 5
- Is there any way to use this without a mobile device? HOT 2
- I Need to set QR code by base64 HOT 1
- Grouping of entries HOT 1
- No Password APP protection on IOS? HOT 1
- When I download the repo, it gives several erro missing library HOT 1
- Different behaviour between iOS and Android when opening otpauth:// urlscheme HOT 1
- Cannot transfer account without a name to a new device
- iOS App Crashes Instantly on 14.2 HOT 7
- Invalid barcode during account transfer from android to iphone HOT 11
- Face ID HOT 3
- Colors on codes
- Is that possible to use google-authenticator as a digital signature HOT 1
- Cannot Intercept QR code after transfer!! HOT 1
- AUthenticator has stopped - error on startup HOT 1
- Invalid barcode on IOS iphone HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from google-authenticator.