Closed Danixu closed 5 years ago
In sshd_config file
AuthenticationMethods publickey,keyboard-interactive
Forces
public key+password + GA
Hello,
Thanks for your response, but is not exactly what I want (surely my mistake explaining the problem). What I want is one or another:
and the closest configuration I've done was the latest, where I've got password + GA, but public key enter without asking for GA.
Thanks!!
I'm not aware of this being possible. It would be if OpenSSH sets an environment variable or something for pam_get_item
to retrieve.
But I'd say even if that were the case the right thing is to have a dedicated module that essentially does "if pubkey was provided, then return PAM_SUCCESS
" and then have PAM config interpret PAM_SUCCESS
for that module as "skip pam_unix.so
".
So this is out of scope of this project, if it's even possible without patching OpenSSH's PAM code.
Hello, first, sorry for my english
I'm trying to add 2 factor authentication to one server but keeping original behaviour plus Google Authenticator, but I'm unable to archieve it.
What I want is allow to access using password+GAuth, and publickey+GAuth both together. But the most I've got is just password+GAuth or publickey+GAuth but not both at same time.
I've followed the configuration steps with an AuthenticationMethods line like this; AuthenticationMethods password,keyboard-interactive:pam publickey,keyboard-interactive:pam
@include common-auth
in /etc/pam.d/sshd, i'm able to login using public key but it asks for password and GAuth code.@include common-auth
commented in /etc/pam.d/sshd, I'm able to login with public key and GAuth code without password, but when I don't have public key, it asks for password but doesn't works. You've to provide the GAuth code instead the password, and again the GAuth code when it asks.Is there any way to ask to GAuth code when public key is used, and also when password is used?.
Thanks!!