Hi Andy,
thanks for the help, especially on Sunday!
I blindly followed the instructions provided on
https://omnios.omniti.com/wiki.php/Upgrade_to_r151020 but yes, the
recommendation of s/sshd-kbdint/sshd/ was (at least in my case) wrong
and by reverting to sshd-kbdint I got the 2FA back.
Thanks!
Olaf
On 06/11/2016 14:15, Andy Fiddaman wrote:
On Sun, 6 Nov 2016, Olaf Marzocchi wrote:
; Hi,
; I started updating my server, therefore OpenSSH first. After that one I
; restarted the server.
; I can login with my pass but two factor authentication doesn't work anymore,
; I'm never asked for it.
I've just checked one of my servers that uses 2FA and I have both
sshd-kbdint and sshd at the end of pam.conf. Perhaps you need both?
sshd-kbdint auth requisite pam_authtok_get.so.1
sshd-kbdint auth required pam_dhkeys.so.1
sshd-kbdint auth required pam_unix_cred.so.1
sshd-kbdint auth required pam_unix_auth.so.1
sshd-kbdint auth required /opt/CITotp/lib/pam_mobile_otp.so
sshdauth requisite pam_authtok_get.so.1
sshdauth required pam_dhkeys.so.1
sshdauth required pam_unix_cred.so.1
sshdauth required pam_unix_auth.so.1
sshdauth required /opt/CITotp/lib/pam_mobile_otp.so
Debug output from sshd says:
debug3: /etc/ssh/sshd_config:100 setting UsePAM yes
/etc/ssh/sshd_config line 100: ignoring UsePAM option value. This option is
always on.
debug3: PAM service is sshd-none
debug3: PAM service is sshd-pubkey
debug3: PAM service is sshd-kbdint
___
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss
