I just received my Yubikey in the mail today and successfully got 2FA working with SSH for publickey OR password+yubikey (keyboard-interactive). While I was reading a bunch of sites trying to figure out how to set this up, I stumbled upon "AuthenticationMethods" for SSH configs and got intrigued: could I set up SSH to require publickey+password OR password+yubikey. Unfortunately I couldn't figure it out.
My attempted config was:
Code:
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,password keyboard-interactive:pam
UsePAM Yes
What happened is that it took my publickey and then spit out:
Quote:
Further authentication required
Using keyboard-interactive authentication.
I put in my password but then it also prompted for my OTP... which I don't want to have to use if I have my publickey.
Does anyone have any ideas how to solve this? It appears PAM is taking over for "password" authentication which I don't know how to stop.
Login
FAQ
Search
