Yubico Forum
https://forum.yubico.com/

[QUESTION] Securing ssh by account
https://forum.yubico.com/viewtopic.php?f=23&t=2171
Page 1 of 1

Author:  Speeddymon [ Tue Jan 19, 2016 5:42 am ]
Post subject:  [QUESTION] Securing ssh by account

Hi, first time poster here, long time Yubikey user.

I've had my hosted server setup for quite some time with pam_yubico set as required. Tonight, I gave a friend an account on the server so she could host her site. I changed the module so it is now sufficient, which allows her to login without a Yubikey. But I want my account to still require one.

Is there some way to configure ssh to prompt for my OTP (and validate it against YubiCloud) while keeping the pam module set to sufficient?

Author:  velosol [ Fri Feb 26, 2016 3:18 am ]
Post subject:  Re: [QUESTION] Securing ssh by account

You may want to look at AuthenticationMethods in sshd_config. You might be able to set something like:

Code:
password,pam password


Which should theoretically allow either login with either password chained with PAM or password only. I've not done any setup like this so it's little more than a guess at something that might help.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/