Freeipa SSH Pubkey + OTP without Password

Question

Does anyone know how to configure a host connected to Freeipa so that 2FA passes by SSH PubKey + OTP, and not by password + OTP?

my sshd_config include:

UsePAM yes
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive:pam

score 0 · Answer 1 · answered Dec 20 '17 at 11:30

0

I'm not sure this is possible, because the pubkey authentication happens from inside sshd even before sshd runs the PAM authentication. But try asking on freeipa-users, the helpful folks there might have an answer.

answered Dec 20 '17 at 11:30

jhrozek

121
1

Freeipa SSH Pubkey + OTP without Password

1 Answers1