Hi All,

Question that has been bugging me for a while...

We have an ssh login host we've protected with Duo's 2FA PAM module. We're allowing both password auth and ssh-keys. Problem is, those users with a valid ssh key are instantly allowed to log in - the PAM stack for the duo .so module never gets called, and the users are never prompted for 2FA.

Is there a way to compel the execution of PAM modules before OpenSSH completes the login process for the user? This is OpenSSH 7.4p1 on a RHEL 7.9 system btw....

Thanks a bunch!

-Jeff

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
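
A check for the gap described in the post, as an added example that is not part of the original message or of OpenSSH: the hypothetical `check_sshd_2fa` function reads settings in the keyword/value form printed by `sshd -T` and flags any case where a public key alone completes authentication. It assumes that, with `UsePAM yes`, only the `keyboard-interactive` and `password` methods run the PAM auth stack.

```shell
#!/bin/sh
# Added example (not from the original post). Reads effective sshd settings
# (keyword, whitespace, value, as printed by `sshd -T`) on stdin and reports
# whether a public key alone can finish a login without the PAM auth stack.
check_sshd_2fa() {
    awk '
    { key = tolower($1) }
    key == "usepam"               { usepam = tolower($2) }
    key == "pubkeyauthentication" { pubkey = tolower($2) }
    key == "authenticationmethods" {
        # value is a space-separated set of comma-separated method lists
        for (i = 2; i <= NF; i++) lists[++n] = tolower($i)
    }
    END {
        if (pubkey == "") pubkey = "yes"   # sshd default
        if (usepam == "") usepam = "no"    # upstream default
        if (usepam != "yes") {
            print "GAP: UsePAM is not enabled, the PAM auth stack is never consulted"; exit
        }
        if (pubkey == "no") { print "OK: publickey disabled"; exit }
        if (n == 0 || lists[1] == "any") {
            print "GAP: no AuthenticationMethods, publickey alone completes login"; exit
        }
        bad = ""
        for (i = 1; i <= n; i++) {
            m = split(lists[i], parts, ",")
            haskey = 0; haspam = 0
            for (j = 1; j <= m; j++) {
                sub(/:.*/, "", parts[j])   # drop a ":device" sub-method suffix
                if (parts[j] == "publickey") haskey = 1
                if (parts[j] == "keyboard-interactive" || parts[j] == "password") haspam = 1
            }
            # a list that accepts a key but no PAM-backed method skips 2FA
            if (haskey && !haspam) bad = bad " " lists[i]
        }
        if (bad != "") print "GAP: key-only method list(s):" bad
        else print "OK: every publickey list also requires a PAM-backed method"
    }'
}
```

On the login host the input would come from `sshd -T | check_sshd_2fa`, run as root.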