Re: pam auth with ssh public key
On Wed, Oct 04 2023 at 10:08:14 AM, jeremy ardley <jeremy.ardley@gmail.com> wrote:
> I have set up a server with sshd allowing public key access. I also
> set up google authenticator in pam by putting this line at the head of
> /etc/pam.d/sshd
>
> auth required pam_google_authenticator.so
>
> If I connect to the server without a public key I get the
> authenticator prompt and then password prompt. As expected.
>
> If I connect with a public key I don't get an authenticator or
> password prompt. However, I expected an authenticator prompt but not a
> password prompt
>
> As far as I can tell, sshd does all the public key authentication
> stuff, and there isn't any documented way for pam to check the result
> of the public key other than inspect an environment variable
> SSH_AUTH_INFO_0
>
> All the docs I've read say pam doesn't do that out of the box.
>
> Has pam been updated at or before Debian 11 ? If so, where can I
> manage its actions?
Perhaps set AuthenticationMethods to publickey,keyboard-interactive in
sshd_config? Do read the full description of that parameter in the
manpage for other things that might interest you.
--
regards,
kushal
Reply to: