Displaying 7 results from an estimated 7 matches for "pam_google_authenticator".
2020 Jun 05
0
Google authenticator on C8
Hi folks
I have installed Google authenticator on a few C8 boxes
This is working fine on all of them except one...
- google-authenticator is installed and the box is added to my Android app
- /etc/pam.d/sshd contains
auth sufficient pam_google_authenticator.so
- /etc/ssh/sshd_config contains ChallengeResponseAuthentication yes
- sshd restarted
When logging in, I'm prompted with the password (i.e. no request OTP
request)
I have already uninstalled/reinstalled/rebooted and compared the config
files across boxes... but I can't see what I have...
2016 Feb 18
2
Let PAM know about accepted pubkey?
...ive' is used). From my digging in the source,
it seems it is currently not.
Would it be possible to provide this information? Maybe using
do_pam_putenv()? Would there be any security implications of doing this?
The reason I'm asking is that I'm looking into using 2FA (i.e. pubkey +
pam_google_authenticator) for *some* of my SSH keys. For example, a SSH
privkey on my trusted box can login without verification code, but
another SSH privkey on my not-as-trusted box requires a verification
code to login.
My initial thought was to implemented it through a pubkey whitelist in
the specific PAM module,...
2014 Dec 23
2
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Tue, 23 Dec 2014, Dmt Ops wrote:
> testing goole-authenticator's standalone functionality, it
>
> > cd google-authenticator/libpam/
> > ./demo
> Verification code: 123456
> Login failed
> Invalid verification code
> >
>
> fails with an INVALID code, and
>
> > ./demo
> Verification code:
2014 Dec 18
4
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
...to ADD a 2nd factor authentication step; specifically Google
Authenticator
I installed
pam-google-authenticator
package.
At shell, I exec
google-authenticator
and create the key
I edit
vi /etc/pam.d/sshd
...
+ auth required pam_google_authenticator.so
...
and
vi /etc/ssh/sshd_config
...
- ChallengeResponseAuthentication no
+ ChallengeResponseAuthentication yes
+ KbdInteractiveAuthentication yes
...
and restart the daemon...
2014 Dec 23
3
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
...M: sshpam_respond
entering, 1 responses
Dec 23 07:05:27 server sshd[23109]: Postponed keyboard-interactive/pam
for root from 2001:xxx:xxxx:xxx::107 port 48866 ssh2 [preauth]
Dec 23 07:05:34 server sshd[23109]: debug2: PAM: sshpam_respond
entering, 1 responses
Dec 23 07:05:34 server sshd(pam_google_authenticator)[23111]: Invalid
verification code
Dec 23 07:05:34 server sshd[23109]: error: PAM: Authentication failure
for root from 2001:xxx:xxxx:xxx::107
Dec 23 07:05:34 server sshd[23109]: debug2: auth2_challenge_start:
devices <empty> [preauth]
Dec 23 07:05:34 server sshd[23109]: debug2: m...
2014 Dec 19
2
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
I added an EXPLICIT
AuthenticationMethods publickey,keyboard-interactive
+ UsePam yes
to sshd_config. Now, at connect attempt I get
Password:
Verification code:
Password:
Verification code:
Password:
...
I.e.,
It's asking for Password, not accepting pubkey
AND
when given the password (which is correct), and the GA VerificationCode, it
simply repeats the credentials request.
2015 Jun 03
30
[Bug 2408] New: Expose authentication information to PAM
https://bugzilla.mindrot.org/show_bug.cgi?id=2408
Bug ID: 2408
Summary: Expose authentication information to PAM
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: