Random password changes

Hello,
I had no problems in the last year with my Rasp and OSMC.
Since I tried Google Authenticator for SSH login ([Howto] setup two way authentication to ssh), my passwords get changed randomly or something like that.
My password was always wrong; I tried the standard password too.
Even after I booted into a shell and changed the password of the user osmc, the password was always wrong.
I disabled passwords in sshd_conf, nothing helped.
So I made a backup of everything and formatted the SD card.

I'm done with restoring my backup, and I even got Google Authenticator working.
I logged in over SSH several times on my notebook and Android phone, everything worked fine and I was asked for the Google auth code every time.

Now, a few hours later, I have the same problem as before.
I didn't change anything, but the password is wrong every time.
I tried the same as before, changing the password and so on.
I even created a new user, but the login doesn't work for him either.

What should I do now?
I don't want to reinstall everything again, and something must be wrong.
Is it something with Google Authenticator and OSMC?
Can somebody help me? :(

Try disabling google-authenticator and see if the problem goes away. To do that:

sudo nano /etc/pam.d/sshd and remove or comment out the line:
auth required pam_google_authenticator.so then
sudo nano /etc/ssh/sshd_config and remove or comment out the line:
ChallengeResponseAuthentication yes

If that stops it happening then at least you know what it is. If it doesn’t then it could be something more sinister.

Yeah, I tried that before. I will do it again just to be safe, but I don't think it will change anything.
I even disabled the whole password auth thing in the sshd_config and I was asked for a password again.

What could cause me to have to reset my whole system two times after I used Google Authenticator?

If the password is changing itself even without Google Authenticator active I think it is probably not related to that.

When the password does change, how do you access the RPi to reset it?

Does anyone else have access to your RPi? And do you have any ports forwarded to it on your router?

I can plug the SD card into my notebook and mount the file system, and by editing the cmdline.txt I can boot into a terminal. I changed the password of the osmc user with sudo and created another user, but via SSH the password is always wrong.
I got 80 and 443 forwarded for my website and I opened a random unused port for running SSH over it after Google Authenticator worked. Nobody else has access to my Pi and I think it's impossible that I change the password via the terminal and somebody else changes it back while the Pi is booting again normally.

I can reset my Pi if I format the SD card and flash OSMC again, but then I have to restore everything and I did that yesterday, so I don't want to do it again :s

I think I will do this now, but there must be a problem somewhere because I have been using OSMC for a long time with SSH and other passwords; only after I used Google Authenticator were there problems.

Can you please put here exactly what changes you are making to cmdline.txt and what user you then use to log in with?

Can you also please post your sshd configuration file? Maybe it is looking for a different password type. Did you maybe try setting up key based authentication previously?

No need to scrap everything yet. I’m sure we can solve it!

Sorry, but I already formatted the SD card.
But the problem isn't solved yet; if I install Google Authenticator now I'm sure the password will be broken again.
If you add ‘init=/bin/sh’ at the end of the cmdline.txt line, it will boot into a terminal that you can see on your TV screen if HDMI is plugged in. There you can do sudo -i with your keyboard and reset or add a user if you first mount / read and write.

There were only three changes I made to the sshd_config:
Port myport, PermitRootLogin no, ChallengeResponseAuthentication yes. I didn't change anything else there, and even after I reset the sshd_config to my backup the password didn't work.

At first I thought the problem might be something with PAM, but no matter if ChallengeResponseAuthentication was on or off (you can see the difference when logging in over SSH, because the terminal output isn't the same when enabled), the password is always wrong.

Has anybody got Google Authenticator working and been using it for a longer time?

Adding init=/bin/sh just allows you to boot straight to a shell, you would have to log in at the prompt before you could reset the password. How are you logging in there at that prompt on your tv if you don’t know the password?

The password at that prompt should be the same as the ssh one for the same user.

The reason I asked for the sshd config was to rule out any changes that might have been made to it by the google authenticator set up script.

From what you’re describing it seems that the linux password (the one stored encrypted in /etc/shadow) isn’t actually changing (if it was you wouldn’t be able to log in at the prompt on your tv). It seems that something (maybe google authenticator, maybe something else) is causing ssh to use some other credentials.

When I boot to the shell I'm logged in, there's no need to type a password. That's normal; I have never typed a password in the booted shell in my lifetime. If you are running only Raspbian or something else it's the same.
You do sudo -i and then you can set the passwords of users with passwd username.

When I first used my OSMC via SSH, I changed the password and since then I could log in with that. After I installed Google Authenticator, I could never log in over SSH with the osmc user or any other user I created with the shell.

Ok, I didn’t realise there was a way to a passwordless root shell.

I think what you’ll need to do then is:

cd /home/osmc
sudo -s
cp -p /etc/shadow etc.shadow.1
<install google authenticator>
cp -p /etc/shadow etc.shadow.2

After the password changes, boot to a shell and run:

cd /home/osmc
cp -p /etc/shadow etc.shadow.3
<reset password>
cp -p /etc/shadow etc.shadow.4

Then compare the password hashes in the 4 copied files to see whether they actually changed at all. If they haven’t then sshd is using something other than pam for its authentication. If the hashes have changed then note the last modified time to see when it changed. Compare those to log entries, activities, etc.
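
The comparison described in the post above, as an added example that is not part of the original thread: it reads one user's hash field from each /etc/shadow snapshot, reports whether it changed relative to the previous snapshot, and shows the shadow "last change" day and the file's modification time. The function names are hypothetical, GNU `stat` and `sha256sum` are assumed, and the snapshot contents in `demo` are constructed sample data.

```shell
#!/bin/sh
# Added example: track one user's password-hash field across /etc/shadow snapshots.

# shadow_field USER FILE N: print field N of USER's line; non-zero exit if USER is absent.
shadow_field() {
    awk -F: -v u="$1" -v n="$3" '$1 == u { print $n; f = 1 } END { exit !f }' "$2"
}

# compare_snapshots USER FILE...: one line per snapshot, in the order given.
# Prints a truncated SHA-256 of the hash field, never the hash itself,
# so the output is safe to paste into a forum thread.
compare_snapshots() {
    user=$1; shift
    prev=""
    for f in "$@"; do
        if ! h=$(shadow_field "$user" "$f" 2); then
            echo "$f: no entry for $user"
            continue
        fi
        fp=$(printf '%s' "$h" | sha256sum | cut -c1-12)
        day=$(shadow_field "$user" "$f" 3)   # last change, days since 1970-01-01
        if [ -z "$prev" ]; then state=baseline
        elif [ "$fp" = "$prev" ]; then state=same
        else state=CHANGED
        fi
        mtime=$(stat -c %y "$f" 2>/dev/null || echo unknown)  # GNU stat assumed
        echo "$f: $state fp=$fp lastchg_day=$day mtime=$mtime"
        prev=$fp
    done
}

# Constructed sample data: four snapshots where only the manual reset
# (snapshot 4) alters the hash. Hash strings are fake placeholders.
demo() {
    d=$(mktemp -d)
    for i in 1 2 3; do
        printf '%s\n' 'root:*:16000:0:99999:7:::' \
            'osmc:$6$constructed$OLDHASHPLACEHOLDER:16700:0:99999:7:::' > "$d/etc.shadow.$i"
    done
    printf '%s\n' 'root:*:16000:0:99999:7:::' \
        'osmc:$6$constructed$NEWHASHPLACEHOLDER:16701:0:99999:7:::' > "$d/etc.shadow.4"
    compare_snapshots osmc "$d"/etc.shadow.1 "$d"/etc.shadow.2 "$d"/etc.shadow.3 "$d"/etc.shadow.4
    rm -rf "$d"
}

demo
```

On the real files, run `compare_snapshots osmc etc.shadow.1 etc.shadow.2 etc.shadow.3 etc.shadow.4` as root from /home/osmc. A result where only snapshot 4 shows CHANGED means the stored hash moved only at the manual reset.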