Update howto-vm-sign-in-azure-ad-linux.md

mepples21 · mepples21 · commit 8dd3512177e5 · 2022-03-21T15:57:06.000-07:00
Added description of sshd_config error and suggested solutions
diff --git a/articles/active-directory/devices/howto-vm-sign-in-azure-ad-linux.md b/articles/active-directory/devices/howto-vm-sign-in-azure-ad-linux.md
@@ -463,6 +463,14 @@ Solution 2: Perform these actions:
 
 Virtual machine scale set VM connections may fail if the virtual machine scale set instances are running an old model. Upgrading virtual machine scale set instances to the latest model may resolve issues, especially if an upgrade hasn’t been done since the Azure AD Login extension was installed. Upgrading an instance applies a standard virtual machine scale set configuration to the individual instance.
 
+### AllowGroups / DenyGroups statements in sshd_config cause first login to fail for AAD users
+
+Cause 1: If sshd_config contains either AllowGroups or DenyGroups statements, the very first login fails for AAD users. If the statement was added after a user already has a successful login, they can log in.
+
+Solution 1: Remove AllowGroups and DenyGroups statements from sshd_config.
+
+Solution 2: Move AllowGroups and DenyGroups to a "match user" section in sshd_config. Make sure the match template excludes AAD users.
+
 ## Next steps
 
 [What is a device identity?](overview.md)
