Re: pam_duo 2FA && ssh-key access

On 26/01/2021 20:17, Mauricio Tavares wrote:
> I've always thought the comma meant "if this does not work, try this next"

Nope. From sshd_config(5):

     AuthenticationMethods
             Specifies the authentication methods that must be successfully
             completed for a user to be granted access.  This option must be
             followed by one or more comma-separated lists of authentication
             method names, or by the single string any to indicate the default
             behaviour of accepting any single authentication method.  If the
             default is overridden, then *successful authentication requires
             completion of every method in at least one of these lists*.

             For example, "publickey,password publickey,keyboard-interactive"
             would require the user to complete public key authentication,
             followed by either password or keyboard interactive
             authentication.  Only methods that are next in one or more lists
             are offered at each stage, so for this example it would not be
             possible to attempt password or keyboard-interactive
             authentication before public key.

             For keyboard interactive authentication it is also possible to
             restrict authentication to a specific device by appending a colon
             followed by the device identifier bsdauth, pam, or skey,
             depending on the server configuration.  For example,
             "keyboard-interactive:bsdauth" would restrict keyboard
             interactive authentication to the bsdauth device.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
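
The comma-versus-space semantics quoted above, as an added example that is not part of the original message and is not OpenSSH's own code: a simplified Python model in which commas chain required steps and spaces separate alternative lists. The function names and the `publickey,keyboard-interactive:pam` value (a constructed key-plus-PAM setup) are assumptions for illustration.

```python
"""Simplified model of AuthenticationMethods evaluation (added example, not sshd code)."""


def parse_methods(spec):
    """Spaces separate alternative lists; commas order the required steps in a list."""
    return [lst.split(",") for lst in spec.split()]


def entry_matches(entry, completed):
    """'keyboard-interactive' accepts any device; 'keyboard-interactive:pam' only pam."""
    return entry == completed or entry == completed.split(":", 1)[0]


def offered(lists):
    """Only the method at the head of each remaining list may be attempted next."""
    seen = []
    for lst in lists:
        if lst and lst[0] not in seen:
            seen.append(lst[0])
    return seen


def simulate(spec, successes):
    """Replay successful methods in order; return (granted, methods offered next)."""
    lists = parse_methods(spec)
    for done in successes:
        if not any(entry_matches(e, done) for e in offered(lists)):
            raise ValueError(f"{done!r} is not offered at this stage")
        # Advance every list whose next required step was just completed.
        lists = [l[1:] if entry_matches(l[0], done) else l for l in lists]
        if any(len(l) == 0 for l in lists):
            return True, []  # every method in one list is done: access granted
    return False, offered(lists)


if __name__ == "__main__":
    man_example = "publickey,password publickey,keyboard-interactive"
    print(simulate(man_example, []))                         # only publickey offered
    print(simulate(man_example, ["publickey"]))              # second factor still required
    print(simulate(man_example, ["publickey", "password"]))  # granted
    # Constructed value: key first, then PAM-backed keyboard-interactive.
    two_factor = "publickey,keyboard-interactive:pam"
    print(simulate(two_factor, ["publickey"]))
    print(simulate(two_factor, ["publickey", "keyboard-interactive:pam"]))
```

A comma never acts as a fallback here: after `publickey` succeeds the model still reports access as not granted until a second method from the same list completes.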



