<html> <head> <style></style></head> <body class='hmmessage'><div dir='ltr'>hi LS,<div><br></div><div>I am using IPA Server - <span style="font-size: 12pt;">VERSION: 4.2.0, API_VERSION: 2.156</span></div><div>sssd version on my IPA server: <span style="font-size: 12pt;">1.13.0</span></div><div>sssd version on my IPA client (ubuntu): <span style="font-size: 12pt;">1.11.8</span></div><div><br></div><div>I have new "testhip2user" created in IPA Server with 2FA enabled. My /etc/ssh/sshd_config has this entry </div><div> <p class="p1"><span class="s1">AuthorizedKeysFile</span><span class="s2"> </span><span class="s3">%h</span><span class="s2">/.ssh/authorized_keys</span></p><p class="p1"><span class="s2"> </span></p><p class="p1"><span class="s1">#ChallengeResponseAuthentication no</span></p><p class="p1"><span class="s1"> </span></p><p class="p1"><span class="s1">PasswordAuthentication</span><span class="s2"> </span><span class="s3">no</span></p></div><div>Match User testhip2user<br> AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam</div><div><br></div><div>When i am trying to ssh with private key of testhip2user into IPA client then this what i see in ssh auth.log as keep getting prompted for password and then it end with permission denied error</div><div><br></div><div> <p class="p1"><span class="s1">Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: error: Disabled method "password" in AuthenticationMethods list "publickey,password:pam"</span></p> <p class="p1"><span class="s1">Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: Authentication methods list "publickey,password:pam" contains disabled method, skipping</span></p> <p class="p1"><span class="s1">Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: error: Disabled method "password" in AuthenticationMethods list "publickey,password:pam" [preauth]</span></p> <p class="p1"><span class="s1">Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: Authentication methods list "publickey,password:pam" contains disabled method, skipping [preauth]</span></p><p class="p1"><span class="s1">Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-125-254-static.hfc.comcastbusiness.net user=testhip2user</span></p><p class="p1"><span class="s1">Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-125-254-static.hfc.comcastbusiness.net user=testhip2user</span></p><p class="p1"><span class="s1">Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_sss(sshd:auth): received for user testhip2user: 6 (Permission denied)</span></p><p class="p1"><span class="s1">Sep 21 12:42:53 ip-172-31-30-146 sshd[7530]: error: PAM: Authentication failure for testhip2user from 50-201-125-254-static.hfc.comcastbusiness.net</span></p><p class="p1"><span class="s1"> </span></p><p class="p2"><span class="s1"></span><br></p></div><div><br></div><div> <p class="p1">Thanks for your time and helping me with this</p><p class="p1"><br></p><p class="p1">Best Regards,</p><p class="p1">Deepak</p><br><div>> Date: Fri, 16 Sep 2016 10:43:26 +0200<br>> From: lslebodn@redhat.com<br>> To: deepak_dimri@hotmail.com<br>> CC: freeipa-users@redhat.com<br>> Subject: Re: [Freeipa-users] 2FA using FreeIPA<br>> <br>> On (13/09/16 03:49), Deepak Dimri wrote:<br>> >Hi All,<br>> >I have below lines added to my sshd_config file for testuser. <br>> ><br>> ><br>> ><br>> >Match User testuser<br>> > AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam<br>> >I have OTP enable for tapuser in IPA and i am able to login to GUI using the password + OTP. However when i try to ssh i am getting prompted for first factor then second factor and then it ends with "Permission denied (keyboard-interactive)." error. What could be wrong here? <br>> >Regards,Deepak<br>> ><br>> Please provide versions of freeIPA server packages, version of sssd.<br>> And it would be good to seed the exact output of ssh authentication.<br>> <br>> LS<br></div></div> </div></body> </html>