hi LS,
I am using IPA Server - VERSION: 4.2.0, API_VERSION: 2.156sssd version on my 
IPA server: 1.13.0sssd version on my IPA client (ubuntu): 1.11.8
I have new "testhip2user" created in IPA Server with 2FA enabled. My 
/etc/ssh/sshd_config has this entry 







AuthorizedKeysFile      %h/.ssh/authorized_keys







#ChallengeResponseAuthentication no







PasswordAuthentication noMatch User testhip2user
    AuthenticationMethods publickey,password:pam 
publickey,keyboard-interactive:pam
When i am trying to ssh with private key of testhip2user into IPA client then 
this what i see in ssh auth.log as keep getting prompted for password and then 
it end with permission denied error








Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: error: Disabled method "password" 
in AuthenticationMethods list "publickey,password:pam"
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: Authentication methods list 
"publickey,password:pam" contains disabled method, skipping
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: error: Disabled method "password" 
in AuthenticationMethods list "publickey,password:pam" [preauth]
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: Authentication methods list 
"publickey,password:pam" contains disabled method, skipping [preauth]Sep 21 
12:42:50 ip-172-31-30-146 sshd[7533]: pam_unix(sshd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=50-201-125-254-static.hfc.comcastbusiness.net  user=testhip2userSep 21 
12:42:50 ip-172-31-30-146 sshd[7533]: pam_sss(sshd:auth): authentication 
failure; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=50-201-125-254-static.hfc.comcastbusiness.net user=testhip2userSep 21 
12:42:50 ip-172-31-30-146 sshd[7533]: pam_sss(sshd:auth): received for user 
testhip2user: 6 (Permission denied)Sep 21 12:42:53 ip-172-31-30-146 sshd[7530]: 
error: PAM: Authentication failure for testhip2user from 
50-201-125-254-static.hfc.comcastbusiness.net





















Thanks for your time and helping me with this
Best Regards,Deepak
> Date: Fri, 16 Sep 2016 10:43:26 +0200
> From: lsleb...@redhat.com
> To: deepak_di...@hotmail.com
> CC: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] 2FA using FreeIPA
> 
> On (13/09/16 03:49), Deepak Dimri wrote:
> >Hi All,
> >I have below lines added to my sshd_config file for testuser.  
> >
> >
> >
> >Match User testuser
> >    AuthenticationMethods publickey,password:pam 
> > publickey,keyboard-interactive:pam
> >I have OTP enable for tapuser in IPA and i am able to login to GUI using the 
> >password + OTP.  However when i try to ssh i am getting prompted for first 
> >factor then second factor and then it ends with "Permission denied 
> >(keyboard-interactive)." error.  What could be wrong here? 
> >Regards,Deepak
> >
> Please provide versions of freeIPA server packages, version of sssd.
> And it would be good to seed the exact output of ssh authentication.
> 
> LS
                                          
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to