Open valentinalexeev opened 7 years ago
In case sshd allows both key and key-less access onetouch-ssh will not be enforced on clients who connect without a key.
onetouch-ssh
One potential solution is to use ForceCommand in /etc/ssh/sshd_config to require call to onetouch-ssh upon login.
ForceCommand
/etc/ssh/sshd_config
I had configured my /etc/ssh/sshd_config in the following way:
Match User valexeev ForceCommand /home/valexeev/.authy-onetouch/login.sh
With login.sh containing:
login.sh
#!/bin/sh /usr/local/bin/onetouch-ssh shell AUTHYID
It should be possible to create a non-user dependent script that will check SSH environment variables to determine correct AUTHYID.
In case sshd allows both key and key-less access
onetouch-ssh
will not be enforced on clients who connect without a key.One potential solution is to use
ForceCommand
in/etc/ssh/sshd_config
to require call toonetouch-ssh
upon login.I had configured my
/etc/ssh/sshd_config
in the following way:With
login.sh
containing:It should be possible to create a non-user dependent script that will check SSH environment variables to determine correct AUTHYID.