03-16-2019 04:33 AM
Dear,
i want to use DUO for my SSHD. All works fine in default configuration using pubkey + DUO.
But i want to separate/differ the authentication methods depending on clients IP.
Using defaults “/etc/pam.d/sshd” i got the expected result
Using pam_duo.so at “/etc/pam.d/sshd”, as described (Debian) i got:
Seems the sshd_config are ok (prooft by pubkey+password combination), i think!
Any idea how to configure this scenario? Thanks in advanced!
Dieter
My sshd_config (essentials):
Protocol 2
UsePrivilegeSeparation yes
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/xyz
PasswordAuthentication no
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
UsePAM yes
UseDNS yes/no
Match Address 127.0.0.* Host localhost
PubkeyAuthentication no
PasswordAuthentication yes
AuthenticationMethods password
Match Address 192.168.1.*
PubkeyAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey
Default /etc/pam.d/sshd:
@include common-auth
#which is identical to
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
:
DUO modified /etc/pam.d/sshd:
#@include common-auth
#duo-unix
auth [success=1 default=ignore] pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
:
DUO modified second /etc/pam.d/sshd:
#@include common-auth
#duo-unix
auth [success=1 default=ignore] pam_duo.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
:
04-28-2019 11:52 PM
No Suggestions?
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide