[SOLVED] Console noVNC Authentication failed because of custom sshd_config

Blinkiz

Active Member
Jan 23, 2010
31
1
28
Stockholm Sweden
Problem
Open console (noVNC) does not work. "New connection has been rejected with reason: Authentication failed".
It does NOT fail if the virtual machine is running on the same machine as Proxmox WebGUI. Only open console between baremetal machines is a problem.

Setup
  • Three virtualization hosts, compute1.example.com, compute2.example.com and compute3.example.com.
  • Time is correct on all three machines.
  • No problem starting or stopping virtual machines.
  • Proxmox 5.2-2.

Investigation
This problem started after a longer SSH connectivity problem that is now resolved. I can see that the remote server is using root SSH user to get the socket /var/run/qemu-server/112.vnc and with strace I can see that it is the qemu/kvm process that is producing the "Authentication failed" message. The authentication does not fail if it is the local Proxmox webgui that is connecting to the console which is weird.
 

Dominic

Proxmox Staff Member
Staff member
Mar 18, 2019
861
82
28
Please note that you should upgrade to PVE 6. Do you still have this problem?

Unfortunately, I don't think that I understand your problem completely. All your compute1-3 hosts run PVE. Each VM on compute1 can be accessed with the noVNC interface in the web interface of compute1. The same holds for compute2 and compute3. So all administration tasks can be done. Now you want to access VMs on, for example, compute1 from compute2?
 

Blinkiz

Active Member
Jan 23, 2010
31
1
28
Stockholm Sweden
Hello Dominic
I have found the problem but not yet solved it. It was new configuration in sshd_config and/or ssh_config that created the problem. Restoring these files to earlier versions got the console to work again.
I have not had the time to troubleshoot what new line in sshd_config or ssh_config that created the problem. ssh normally between the machine always works so the console feature is doing something more. Probably creating some kind of tunnel that was denied and Proxmox does not have error handling for this kind of problem.
 

Dominic

Proxmox Staff Member
Staff member
Mar 18, 2019
861
82
28
I'm glad that you could get the console working again. Did you solve your problem in the meanwhile? If yes, then please mark the thread as solved.
 

Dragonn

New Member
May 23, 2020
12
1
3
29
Hello here,

I have been searching for solution quite a long time and I believe true issue with custom sshd_config files is that Debian's default AcceptEnv LANG LC_* is removed or modified.

Proxmox VNC proxy uses environment variable LC_PVE_TICKET to pass authentication token via SSH connection and this environment variable needs to be perserved.

I didn't find any mention about this variable in doc or similar threads about noVNC Authentication failed issues, so I wanted to add it here.

@Blinkiz please mark this thread as solved. It would really help others. Thx
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!