pam auth with ssh public key

To: debian-user@lists.debian.org
Subject: pam auth with ssh public key
From: jeremy ardley <jeremy.ardley@gmail.com>
Date: Wed, 4 Oct 2023 10:08:14 +0800
Message-id: <[🔎] 39a4518c-a6b2-76e1-ca13-f19eb9152c71@gmail.com>

I have set up a server with sshd allowing public key access. I also setup google authenticator in pam by putting this line at the head of/etc/pam.d/sshd


auth required pam_google_authenticator.so

If I connect to the server without a public key I get the authenticatorprompt and then password prompt. As expected.

If I connect with a public key I don't get an authenticator or passwordprompt. However, I expected an authenticator prompt but not a passwordprompt

As far as I can tell, sshd does all the public key authentication stuff,and there isn't any documented way for pam to check the result of thepublic key other than inspect an environment variable SSH_AUTH_INFO_0


All the docs I've read say pam doesn't do that out of the box.

Has pam been updated at or before Debian 11 ? If so, where can I manageits actions?

Reply to:

Follow-Ups:
- Re: pam auth with ssh public key
  - From: Kushal Kumaran <kushal@locationd.net>

Prev by Date: SMART error messages being sent to the wrong address
Next by Date: Re: SMART error messages being sent to the wrong address
Previous by thread: Re: SMART error messages being sent to the wrong address
Next by thread: Re: pam auth with ssh public key
Index(es):
- Date
- Thread