[Q?] Setting up SSH for publickey+passwd OR passwd+yubikey

2015-11-14T22:32:13+01:00

I just received my Yubikey in the mail today and successfully got 2FA working with SSH for publickey OR password+yubikey (keyboard-interactive). While I was reading a bunch of sites trying to figure out how to set this up, I stumbled upon "AuthenticationMethods" for SSH configs and got intrigued: could I set up SSH to require publickey+password OR password+yubikey. Unfortunately I couldn't figure it out.

My attempted config was:

Code:

PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,password keyboard-interactive:pam
UsePAM Yes

What happened is that it took my publickey and then spit out:

Quote:

Further authentication required
Using keyboard-interactive authentication.

I put in my password but then it also prompted for my OTP... which I don't want to have to use if I have my publickey.

Does anyone have any ideas how to solve this? It appears PAM is taking over for "password" authentication which I don't know how to stop.

Statistics: Posted by Caligatio — Sat Nov 14, 2015 10:32 pm

Yubico Forum

[Q?] Setting up SSH for publickey+passwd OR passwd+yubikey