I am trying to add 2FA to sshd using PAM from the oathtool package. I want two ways to log in to the server:
- publickey and 2FA, or
- password and 2FA
So far I managed to add 2FA to publickey authentication, but don't know how to join password with 2FA.
My sshd_config (OpenSSH_6.6p1, OpenSSL 1.0.1g 7 Apr 2014):
```
AuthenticationMethods publickey,keyboard-interactive:pam password,keyboard-interactive:pam
ChallengeResponseAuthentication yes
PasswordAuthentication yes
UsePAM yes
```
PAM sshd:
```
auth required pam_oath.so usersfile=/etc/users.oath window=30
```
But this config makes no sense: when I try to log in using password+2FA, I am asked twice for 2FA (once as password, second as OATH).