MFA and PubKeys

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hello all, 

I'm trying to get a properly working MFA solution working with our ssh servers. I have it working wonderfully well with duo until ssh keys are added to the mix. 
As I understand it, using keys results in the PAM stack not getting called and thus something like pam_duo never get's a chance to work in that scenario. 
I'm aware that I can use something like "ForceCommand /usr/sbin/login_duo" but that results in two requests unless it is removed from PAM beforehand which is not ideal as there are other services that also benefit from having MFA present in the PAM stack. 
Using ForceCommand like this is also dubious as users can still put whatever they like in their shell rc files. 

Is there a better way to properly integrate MFA into the login process when ssh keys are used? 

Thanks in advance. 
-- 
Rikki 
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux