search for: pam_google_authenticator

Hi folks I have installed Google authenticator on a few C8 boxes This is working fine on all of them except one... - google-authenticator is installed and the box is added to my Android app - /etc/pam.d/sshd contains auth sufficient pam_google_authenticator.so - /etc/ssh/sshd_config contains ChallengeResponseAuthentication yes - sshd restarted When logging in, I'm prompted with the password (i.e. no request OTP request) I have already uninstalled/reinstalled/rebooted and compared the config files across boxes... but I can't see what I have...

...ive' is used). From my digging in the source, it seems it is currently not. Would it be possible to provide this information? Maybe using do_pam_putenv()? Would there be any security implications of doing this? The reason I'm asking is that I'm looking into using 2FA (i.e. pubkey + pam_google_authenticator) for *some* of my SSH keys. For example, a SSH privkey on my trusted box can login without verification code, but another SSH privkey on my not-as-trusted box requires a verification code to login. My initial thought was to implemented it through a pubkey whitelist in the specific PAM module,...

On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code:

...to ADD a 2nd factor authentication step; specifically Google Authenticator I installed pam-google-authenticator package. At shell, I exec google-authenticator and create the key I edit vi /etc/pam.d/sshd ... + auth required pam_google_authenticator.so ... and vi /etc/ssh/sshd_config ... - ChallengeResponseAuthentication no + ChallengeResponseAuthentication yes + KbdInteractiveAuthentication yes ... and restart the daemon...

...M: sshpam_respond entering, 1 responses Dec 23 07:05:27 server sshd[23109]: Postponed keyboard-interactive/pam for root from 2001:xxx:xxxx:xxx::107 port 48866 ssh2 [preauth] Dec 23 07:05:34 server sshd[23109]: debug2: PAM: sshpam_respond entering, 1 responses Dec 23 07:05:34 server sshd(pam_google_authenticator)[23111]: Invalid verification code Dec 23 07:05:34 server sshd[23109]: error: PAM: Authentication failure for root from 2001:xxx:xxxx:xxx::107 Dec 23 07:05:34 server sshd[23109]: debug2: auth2_challenge_start: devices <empty> [preauth] Dec 23 07:05:34 server sshd[23109]: debug2: m...

I added an EXPLICIT AuthenticationMethods publickey,keyboard-interactive + UsePam yes to sshd_config. Now, at connect attempt I get Password: Verification code: Password: Verification code: Password: ... I.e., It's asking for Password, not accepting pubkey AND when given the password (which is correct), and the GA VerificationCode, it simply repeats the credentials request.

https://bugzilla.mindrot.org/show_bug.cgi?id=2408 Bug ID: 2408 Summary: Expose authentication information to PAM Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: