----- Original Message -----
> Hi ,
> 
> I'm exploring implementing a 2FA solution to my servers exposed to public.
> Mainly to secure SSH with 2FA. The SSH keys and users are already in
> FreeIPA.
> 
> Is there a way to utilize the OTP inside FreeIPA during a user login to these
> servers ? A user will have to enter the TOTP code bases on whats configured
> in FreeIPA. Something along the lines of
> https://github.com/google/google-authenticator/tree/master/libpam
If you are using SSSD (pam_sss), it will automatically accept 2FA.

You need to force OpenSSH to combine authentication methods, something like:

AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam

Look into sshd_config manual page for details. This is feature of OpenSSH 6.2 
or later.

-- 
/ Alexander Bokovoy

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to