----- Original Message -----
> Hi ,
> I'm exploring implementing a 2FA solution to my servers exposed to public.
> Mainly to secure SSH with 2FA. The SSH keys and users are already in
> Is there a way to utilize the OTP inside FreeIPA during a user login to these
> servers ? A user will have to enter the TOTP code bases on whats configured
> in FreeIPA. Something along the lines of
If you are using SSSD (pam_sss), it will automatically accept 2FA.
You need to force OpenSSH to combine authentication methods, something like:
AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam
Look into sshd_config manual page for details. This is feature of OpenSSH 6.2
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project