[OmniOS-discuss] OmniOS r151020 is now out!
Olaf Marzocchi
lists at marzocchi.net
Sun Nov 6 15:38:38 UTC 2016
Hi Andy,
thanks for the help, especially on Sunday!
I blindly followed the instructions provided on
https://omnios.omniti.com/wiki.php/Upgrade_to_r151020 but yes, the
recommendation of s/sshd-kbdint/sshd/ was (at least in my case) wrong
and by reverting to sshd-kbdint I got the 2FA back.
Thanks!
Olaf
On 06/11/2016 14:15, Andy Fiddaman wrote:
>
>
> On Sun, 6 Nov 2016, Olaf Marzocchi wrote:
>
> ; Hi,
> ; I started updating my server, therefore OpenSSH first. After that one I
> ; restarted the server.
> ; I can login with my pass but two factor authentication doesn't work anymore,
> ; I'm never asked for it.
>
> I've just checked one of my servers that uses 2FA and I have both
> sshd-kbdint and sshd at the end of pam.conf. Perhaps you need both?
>
> sshd-kbdint auth requisite pam_authtok_get.so.1
> sshd-kbdint auth required pam_dhkeys.so.1
> sshd-kbdint auth required pam_unix_cred.so.1
> sshd-kbdint auth required pam_unix_auth.so.1
> sshd-kbdint auth required /opt/CITotp/lib/pam_mobile_otp.so
>
> sshd auth requisite pam_authtok_get.so.1
> sshd auth required pam_dhkeys.so.1
> sshd auth required pam_unix_cred.so.1
> sshd auth required pam_unix_auth.so.1
> sshd auth required /opt/CITotp/lib/pam_mobile_otp.so
>
>
> Debug output from sshd says:
>
> debug3: /etc/ssh/sshd_config:100 setting UsePAM yes
> /etc/ssh/sshd_config line 100: ignoring UsePAM option value. This option is always on.
> debug3: PAM service is sshd-none
> debug3: PAM service is sshd-pubkey
> debug3: PAM service is sshd-kbdint
>
More information about the OmniOS-discuss
mailing list