I have set up 2FA for SSH access to Ubuntu server (hosted in AWS). When the user initiates their SSH connection, they are given two options: 1. Duo push to xxx-xxx-xxxx and 2. SMS passcodes to xxx-xxx-xxxx. And these options work fine. However, this user also has a hardware token (YubiOTP) assigned to them. Should they not be presented with a 3rd option where they can inject their OTP code from the YubiKey?
Is passcode an option? For one of my Ubuntu servers my prompt looks like:
Enter a passcode or select one of the following options: 1. Duo Push to XXX-XXX-XXXX Passcode or option (1-1):
At the prompt I tap my Yubikey and then the code is accepted.
Ah. That is it. Thank you Kevin.