<html> <head> <style></style></head> <body class='hmmessage'><div dir='ltr'>Hi All,<div><br></div><div>I want to protect my publicly exposed AWS EC2 instances with SSH key and OTP. I have my freeIPA v4 all up and running. I am able to SSH in to my IPA clients with my private key however i want to include OTP into this login process. I have enabled OTP for one test user in my FreeIPA and i am able to login with password+OTP using browser admin URL BUT how do i challenge the same user for OTP when trying to SSH login into RedHat?</div><div><br></div><div>I have tried adding this in my freeIPA server /etc/ssh/sshd_config but no luck - do not get challenged for OTP when using SSH.</div><div><br></div> <pre style="margin-top: 0px; margin-bottom: 1em; padding: 5px; border: 0px; font-size: 13px; width: auto; max-height: 600px; overflow: auto; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; word-wrap: normal; color: rgb(36, 39, 41); background-color: rgb(239, 240, 241);"><code style="margin: 0px; padding: 0px; border: 0px; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; white-space: inherit;">ChallengeResponseAuthentication yes UsePAM yes AuthenticationMethods publickey,keyboard-interactive PasswordAuthentication no</code></pre><div><br></div><div>Thanks in Advance,</div><div>Deepak</div> </div></body> </html>