[Bug 3303] Request Match block accommodation for 2FA sshd_config

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Apr 28 03:50:56 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3303

--- Comment #2 from Meryll <alwanza at yahoo.com> ---
Darren - thank you for your response.  It was worth a try... but didn't
seem to solve my issue.

KbdInteractiveAuthentication was an accepted directive both within the
sshd_config file and the Match block.

When I substituted KbdInteractiveAuthentication for
ChallengeResponseAuthentication, I was no longer prompted for my
"Verification Code" at login.  After entering the passphrase associated
with my public key I was prompted for a "password" and nothing I
entered (password, passphrase, nor authentication code) was accepted,
so I was effectively locked out.

When I reenabled ChallengeResponseAuthentication with
KbdInteractiveAuthentication, there was no change from the original
behavior I described.

My openssh version is 8.0 (on CentOS 8.3.2011).  I am using Google
Authenticator as my 2FA.

Did I miss a step?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list