Re: chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Dec 18, 2014 at 12:59 AM, Damien Miller <...> wrote:
> On Wed, 17 Dec 2014, Dmt Ops wrote:
>
>> But when I ssh in to the machine, I still get only the pubkey auth -- never
>> get asked for the GA code, and I can login.
>
> Could you please post a debug log from the server?
>
> /path/to/sshd -ddd
>
> should produce one.

Based on what I've seen the reason is because SSH is handling pub-key
auth and bypasses PAM for it.  Google Authenticator however is done
via PAM so it only works for keyboard interactive logins.
Now then from what I've seen you can try to do force command instead
and use a different 2-factor provider that runs using a system
executable but that provides its own headaches.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux