[Freeipa-users] 2FA using FreeIPA

Deepak Dimri deepak_dimri at hotmail.com
Wed Sep 21 12:49:13 UTC 2016


hi LS,
I am using IPA Server - VERSION: 4.2.0, API_VERSION: 2.156
sssd version on my IPA server: 1.13.0
sssd version on my IPA client (ubuntu): 1.11.8
I have a new "testhip2user" created in IPA Server with 2FA enabled. My /etc/ssh/sshd_config has this entry:

AuthorizedKeysFile      %h/.ssh/authorized_keys
#ChallengeResponseAuthentication no
PasswordAuthentication no
Match User testhip2user
    AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam

When I am trying to ssh with the private key of testhip2user into the IPA client, this is what I see in the ssh auth.log, as I keep getting prompted for the password and then it ends with a permission denied error:

Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: error: Disabled method "password" in AuthenticationMethods list "publickey,password:pam"
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: Authentication methods list "publickey,password:pam" contains disabled method, skipping
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: error: Disabled method "password" in AuthenticationMethods list "publickey,password:pam" [preauth]
Sep 21 12:42:04 ip-172-31-30-146 sshd[7530]: Authentication methods list "publickey,password:pam" contains disabled method, skipping [preauth]
Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-125-254-static.hfc.comcastbusiness.net  user=testhip2user
Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-125-254-static.hfc.comcastbusiness.net user=testhip2user
Sep 21 12:42:50 ip-172-31-30-146 sshd[7533]: pam_sss(sshd:auth): received for user testhip2user: 6 (Permission denied)
Sep 21 12:42:53 ip-172-31-30-146 sshd[7530]: error: PAM: Authentication failure for testhip2user from 50-201-125-254-static.hfc.comcastbusiness.net

Thanks for your time and helping me with this.
Best Regards,
Deepak

> Date: Fri, 16 Sep 2016 10:43:26 +0200
> From: lslebodn at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] 2FA using FreeIPA
> 
> On (13/09/16 03:49), Deepak Dimri wrote:
> >Hi All,
> >I have below lines added to my sshd_config file for testuser.  
> >
> >
> >
> >Match User testuser
> >    AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam
> >I have OTP enabled for tapuser in IPA and I am able to login to GUI using the password + OTP.  However when I try to ssh I am getting prompted for the first factor, then the second factor, and then it ends with a "Permission denied (keyboard-interactive)." error.  What could be wrong here?
> >Regards,
> >Deepak
> >
> Please provide versions of freeIPA server packages, version of sssd.
> And it would be good to see the exact output of ssh authentication.
> 
> LS
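
Added example (not part of the original message, and not FreeIPA or OpenSSH code): a small Python check for the condition the auth.log lines above report, an AuthenticationMethods list that names a method switched off elsewhere in sshd_config. The function names, the simplified parsing (first value wins within a scope, Match settings override global ones, keyboard-interactive gated by ChallengeResponseAuthentication) and the sample config rebuilt from the message are assumptions of this example.

```python
# Method -> (enabling sshd_config keyword, OpenSSH default when unset).
TOGGLES = {
    "password": ("passwordauthentication", "yes"),
    "publickey": ("pubkeyauthentication", "yes"),
    "keyboard-interactive": ("challengeresponseauthentication", "yes"),
}
RELEVANT = {"authenticationmethods"} | {kw for kw, _ in TOGGLES.values()}

# Constructed sample, rebuilt from the sshd_config lines in the message.
SAMPLE = """\
AuthorizedKeysFile      %h/.ssh/authorized_keys
#ChallengeResponseAuthentication no
PasswordAuthentication no
Match User testhip2user
    AuthenticationMethods publickey,password:pam publickey,keyboard-interactive:pam
"""

def parse_scopes(text):
    """Return [(scope, {keyword: value})]: 'global' first, then each Match block."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            scopes.append((value, {}))
        else:
            scopes[-1][1].setdefault(key, value)  # first value wins in a scope
    return scopes

def disabled_methods(text):
    """Return [(scope, method_list, method)] for lists naming a disabled method."""
    findings, scopes = [], parse_scopes(text)
    for name, opts in scopes:
        if name != "global" and not RELEVANT & opts.keys():
            continue  # Match block that touches no authentication keyword
        effective = {**scopes[0][1], **opts}  # Match settings override global
        for auth_list in effective.get("authenticationmethods", "").split():
            for method in auth_list.split(","):
                base = method.split(":", 1)[0]  # drop a ":pam" style suffix
                keyword, default = TOGGLES.get(base, (None, "yes"))
                if keyword and effective.get(keyword, default).lower() != "yes":
                    findings.append((name, auth_list, base))
    return findings

if __name__ == "__main__":
    for scope, auth_list, method in disabled_methods(SAMPLE):
        print(f'[{scope}] list "{auth_list}" skipped: "{method}" is disabled')
```

On the sample it reports the same list and method as the "Disabled method" log lines.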
 		 	   		  