How to use 2FA with cert based SSH auth?
Clash Royale CLAN TAG#URR8PPP up vote
0
down vote
favorite
I used this guide to enable Google TOTP auth on Ubuntu 16.04.
SSH only allows cert based auth (PasswordAuthentication no)
I set ChallengeResponseAuthentication yes and restarted the SSH service.
I don't get prompted for a 2FA token.
So I added the following line to sshd_config:
AuthenticationMethods publickey,keyboard-interactive
Then restarted the SSHd
Now I get prompted for a password after entering the cert password, but the 2FA codes are not accepted. I used both the main numeric keyboard and the dedicated numeric keyboard to enter the numbers.
UsePAM yes hasn't been changed.
How to config 2FA with cert based SSH auth?
ssh openssh sshd
asked May 8 at 20:28
Gaia
1201113
add a comment |Â
up vote
0
down vote
favorite
I used this guide to enable Google TOTP auth on Ubuntu 16.04.
SSH only allows cert based auth (PasswordAuthentication no)
I set ChallengeResponseAuthentication yes and restarted the SSH service.
I don't get prompted for a 2FA token.
So I added the following line to sshd_config:
AuthenticationMethods publickey,keyboard-interactive
Then restarted the SSHd
Now I get prompted for a password after entering the cert password, but the 2FA codes are not accepted. I used both the main numeric keyboard and the dedicated numeric keyboard to enter the numbers.
UsePAM yes hasn't been changed.
How to config 2FA with cert based SSH auth?
ssh openssh sshd
asked May 8 at 20:28
Gaia
1201113
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I used this guide to enable Google TOTP auth on Ubuntu 16.04.
SSH only allows cert based auth (PasswordAuthentication no)
I set ChallengeResponseAuthentication yes and restarted the SSH service.
I don't get prompted for a 2FA token.
So I added the following line to sshd_config:
AuthenticationMethods publickey,keyboard-interactive
Then restarted the SSHd
Now I get prompted for a password after entering the cert password, but the 2FA codes are not accepted. I used both the main numeric keyboard and the dedicated numeric keyboard to enter the numbers.
UsePAM yes hasn't been changed.
How to config 2FA with cert based SSH auth?
ssh openssh sshd
asked May 8 at 20:28
Gaia
1201113
I used this guide to enable Google TOTP auth on Ubuntu 16.04.
SSH only allows cert based auth (PasswordAuthentication no)
I set ChallengeResponseAuthentication yes and restarted the SSH service.
I don't get prompted for a 2FA token.
So I added the following line to sshd_config:
AuthenticationMethods publickey,keyboard-interactive
Then restarted the SSHd
Now I get prompted for a password after entering the cert password, but the 2FA codes are not accepted. I used both the main numeric keyboard and the dedicated numeric keyboard to enter the numbers.
UsePAM yes hasn't been changed.
How to config 2FA with cert based SSH auth?
ssh openssh sshd
asked May 8 at 20:28
Gaia
1201113
edited May 8 at 21:16
asked May 8 at 20:28
Gaia
1201113
asked May 8 at 20:28
Gaia
1201113
asked May 8 at 20:28
Gaia
1201113
1201113
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1033748%2fhow-to-use-2fa-with-cert-based-ssh-auth%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password