Hi
I'd like to find out if it is possible to implement 2-factor auth for SSH on CentOS 7, but only for select users (administrators). It should be required for the administrators, but can be optional for the normal users.
I've implemented 2-factor auth for all users on a certain server, accepting key authentication as the first factor and password as the 2nd factor. Some of the normal users are now kicking up a storm as they now need to type in their passwords each time they log in.
Many thanks
SSH 2-Factor Auth required for select users
Re: SSH 2-Factor Auth required for select users
Hello,
You can achieve this by using the "Match" directive in sshd_config then restarting the sshd service.
Anyone in the linuxsa group will need to have both before they will authenticate using ssh.
Hope this helps.
You can achieve this by using the "Match" directive in sshd_config then restarting the sshd service.
Code: Select all
Match Group linuxsa
AuthenticationMethods publickey,password
Hope this helps.
Last edited by bhoffmann on 2018/07/09 12:14:37, edited 1 time in total.
Bruce Hoffmann
Unix System Administrator
Sprint
Unix System Administrator
Sprint
-
- Posts: 2
- Joined: 2018/07/03 08:38:07
Re: SSH 2-Factor Auth required for select users
Thank you so much bhoffmann, this was exactly what I was looking for!!