This does not seem to be the same as Bug 1840113. That was an SELinux issue. This one happens even in permissive mode.

Previous directions for enabling 2fa were:

    dnf -y install google-authenticator qrencode

    # modify /etc/pam.d/sshd by adding one line at the top:
    head -4 /etc/pam.d/sshd
    #%PAM-1.0
    auth required pam_google_authenticator.so nullok
    auth substack password-auth
    auth include postlogin

    # modify /etc/ssh/sshd_config to enable 2fa
    grep '^Chall' /etc/ssh/sshd_config
    ChallengeResponseAuthentication yes

    systemctl restart sshd.service

Are those directions still correct for F34? They work on CentOS 8 and F32.

Using that on F34, connecting over ssh to an account with an existing .google_authenticator file, we don't get the "Verification code:" prompt, just the prompt for "root@hostxx's password:". It always fails, since it looks like google is seeing that entry as the verification code:

    May 11 09:07:17 hostxx sshd(pam_google_authenticator)[102001]: Invalid verification code for root

Feeding the verification code at the "root@hostxx's password:" prompt results in the same journal message - no second prompt for the actual password.
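The grep in the directions above only looks at /etc/ssh/sshd_config itself; sshd uses the first value it obtains for each keyword, and Include directives can supply one from another file. The following is an added example, not part of the original message, that resolves the first global value of a keyword across included files. The file names and contents are constructed, and Match handling is a labelled simplification.

```python
import fnmatch

# Constructed sample files (not from the original post): the main config
# includes a drop-in directory before it sets the keyword itself.
SAMPLE_FILES = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "# enable 2fa\n"
        "ChallengeResponseAuthentication yes\n"
        "Match User backup\n"
        "    ChallengeResponseAuthentication no\n"
    ),
    "/etc/ssh/sshd_config.d/50-example.conf": (
        "challengeresponseauthentication no\n"
    ),
}

def first_global_setting(files, keyword, path="/etc/ssh/sshd_config", seen=None):
    """Return (value, file, line_no) of the first global occurrence, else None."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:
        return None
    seen.add(path)
    for line_no, raw in enumerate(files[path].splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts both "Keyword value" and "Keyword=value".
        words = line.replace("=", " ", 1).split()
        name, args = words[0].lower(), words[1:]  # keywords are case-insensitive
        if name == "match":
            break  # simplification: the rest of this file is treated as conditional
        if name == "include":
            for pattern in args:
                if not pattern.startswith("/"):
                    pattern = "/etc/ssh/" + pattern  # relative paths live in /etc/ssh
                # Matching files are processed in lexical order.
                for inc in sorted(fnmatch.filter(files, pattern)):
                    hit = first_global_setting(files, keyword, inc, seen)
                    if hit:
                        return hit
        elif name == keyword.lower() and args:
            return (args[0], path, line_no)
    return None

if __name__ == "__main__":
    print(first_global_setting(SAMPLE_FILES, "ChallengeResponseAuthentication"))
```

On a live host, `sshd -T` prints the configuration sshd actually ends up with.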