Thanks for helping. I tried: AuthenticationMethods keyboard-interactive:skey password and AuthenticationMethods keyboard-interactive:skey,password
As of now In both cases I can login after only entering the password. I don't get an (skey prompt) f.ex. "otp-md5 96 oshi45820" but I only get a (standard) password prompt. After entering the password I'm logged in: AuthenticationMethods keyboard-interactive:skey password or AuthenticationMethods keyboard-interactive:skey,password Now with: AuthenticationMethods keyboard-interactive:skey password $ ssh -v localhost OpenSSH_6.3, OpenSSL 1.0.1c 10 May 2012 debug1: Reading configuration data /home/dda/.ssh/config debug1: /home/dda/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: auto-mux: Trying existing master debug1: Control socket "/home/dda/.ssh/master-dda@localhost" does not exist debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /home/dda/.ssh/id_rsa type -1 debug1: identity file /home/dda/.ssh/id_rsa-cert type -1 debug1: identity file /home/dda/.ssh/id_dsa type -1 debug1: identity file /home/dda/.ssh/id_dsa-cert type -1 debug1: identity file /home/dda/.ssh/id_ecdsa type -1 debug1: identity file /home/dda/.ssh/id_ecdsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.3 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.3 debug1: match: OpenSSH_6.3 pat OpenSSH* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr [email protected] [email protected] debug1: kex: client->server aes128-ctr [email protected] [email protected] debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 97:08:38:85:2f:4b:61:5e:29:5b:c3:a1:cf:c7:26:15 debug1: Host 'localhost' is known and matches the ECDSA host key. debug1: Found key in /home/dda/.ssh/known_hosts:27 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: password,keyboard-interactive debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: password,keyboard-interactive debug1: Next authentication method: password dda@localhost's password: debug1: Enabling compression at level 6. debug1: Authentication succeeded (password). Authenticated to localhost ([127.0.0.1]:22). debug1: Local connections to LOCALHOST:8080 forwarded to remote address socks:0 debug1: Local forwarding listening on 127.0.0.1 port 8080. debug1: channel 0: new [port listener] debug1: Local forwarding listening on ::1 port 8080. debug1: channel 1: new [port listener] debug1: setting up multiplex master socket debug1: channel 2: new [/home/dda/.ssh/master-dda@localhost] debug1: channel 3: new [client-session] debug1: Entering interactive session. ________________________________________ From: Johan Mellberg [[email protected]] Sent: 03 September 2013 11:47 To: [email protected] Subject: Re: AuthenticationMethods skey, passwd: howto syntax? 2013/9/3 Didier Wiroth <[email protected]> > Yes I did. > Skey and password currently work (as standalone authentication) with sshd > and of course on the console (via username:skey syntax). > But If I try to use skey & password authentication together (via the > AuthenticationMethods) in sshd it doesn't work. > > Ok. > Hello, > > (I'm running 5.4-current) > > I would like to use multiple authentication in sshd : > > 2) skey > > 2) and passwd (as further authentication) > > > > I tried many different settings but I can't find the correct syntax > > for the AuthenticationMethod parameter. > > > It is hard to know what to suggest that you have not already tried... But (without having tried so no guarantees) here is what I would try: AuthenticationMethods keyboard-interactive:skey password Note the space, the comma signifies alternatives, space means a new list, one method from each list is required. New since OpenSSH 6.2 I think? This is if I read the sshd_config man page correctly. /Johan
