
I have fully configured an LDAP server which works perfectly for authenticating users across my multiple nodes.

I wanted to add an extra layer of security with the usual two-factor public/private key.

I followed this guide: https://github.com/jirutka/ssh-ldap-pubkey

I added the schema, and I can see that my users contain a public key among their parameters.

I am able to run the script and it returns the users' public keys.

The problem is that whenever I attempt an SSH connection to my machine, it just never asks for a private key. I was wondering if there is something I am missing?

As the guide says, I have added to my sshd.conf:

```
AuthorizedKeysCommand /usr/bin/ssh-ldap-pubkey-wrapper
AuthorizedKeysCommandUser nobody
```

Rebooted, restarted, but still my server never prompts for a private key. I am still able to log in with just a user/password while it should deny me because I didn't provide a private key.

I am running on a test CentOS 6 machine. Does anybody know if I am missing something in my PAM file?

Stacknerd
  • Did you disable password auth and enable key auth in your sshd config? – gxx Jul 07 '16 at 17:03
  • I did not. What exactly do you have to change? Also, I would like to keep the password auth, so that every user has to log in with username + password + private key – Stacknerd Jul 07 '16 at 17:07
  • Have a look at [this](https://security.stackexchange.com/questions/17931/possible-to-use-both-private-key-and-password-authentication-for-ssh-login). – gxx Jul 07 '16 at 17:14

1 Answer


Adding this line in sshd.conf

```
RequiredAuthentications2 publickey,password
```

fixed the issue on CentOS 6. Thanks to @gf_ for helping me out on this!

Stacknerd
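A way to check that a config really enforces both factors, as an added example that is not part of the original thread or of the ssh-ldap-pubkey project. It goes slightly beyond the answer by also accepting `AuthenticationMethods`, the upstream OpenSSH (6.2 and later) counterpart of the CentOS 6 `RequiredAuthentications2` directive; the function name and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: exit status 0 only if the sshd config at $1 forces BOTH a
# public key and a password. Assumption: only the global section (before the
# first Match block) is checked, and directives are whitespace-separated.
requires_key_and_password() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        tolower($1) == "match" { exit }     # stop at the first Match block
        {
            key = tolower($1)               # sshd keywords are case-insensitive
            if (key != "requiredauthentications2" && key != "authenticationmethods") next
            if (seen) next                  # sshd keeps the first value it reads
            seen = 1
            ok = (NF >= 2)
            for (i = 2; i <= NF; i++) {     # each field is one accepted chain
                chain = "," tolower($i) ","
                if (!index(chain, ",publickey,") || !index(chain, ",password,")) ok = 0
            }
        }
        END { exit !(seen && ok) }
    ' "$1"
}

# Constructed samples: the question's config, then the same with the fix.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before.conf" <<'EOF'
AuthorizedKeysCommand /usr/bin/ssh-ldap-pubkey-wrapper
AuthorizedKeysCommandUser nobody
EOF
cat > "$tmp/after.conf" <<'EOF'
AuthorizedKeysCommand /usr/bin/ssh-ldap-pubkey-wrapper
AuthorizedKeysCommandUser nobody
RequiredAuthentications2 publickey,password
EOF
for f in before after; do
    if requires_key_and_password "$tmp/$f.conf"; then
        echo "$f: key AND password required"
    else
        echo "$f: password alone may still be accepted"
    fi
done
```

The "before" file shows why the question's setup still allowed password-only logins: `AuthorizedKeysCommand` only tells sshd where to find keys, it does not make key authentication mandatory.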