SSH 2-Factor Auth required for select users

Support for security such as Firewalls and securing linux
Post Reply
cmdlineidiot
Posts: 2
Joined: 2018/07/03 08:38:07

SSH 2-Factor Auth required for select users

Post by cmdlineidiot » 2018/07/03 08:50:53

Hi

I'd like to find out if it is possible to implement 2-factor auth for SSH on CentOS 7, but only for select users (administrators). It should be required for the administrators, but can be optional for the normal users.

I've implemented 2-factor auth for all users on a certain server, accepting key authentication as the first factor and password as the 2nd factor. Some of the normal users are now kicking up a storm as they now need to type in their passwords each time they log in.

Many thanks

bhoffmann
Posts: 4
Joined: 2018/07/05 20:34:57
Location: Kansas City, MO USA

Re: SSH 2-Factor Auth required for select users

Post by bhoffmann » 2018/07/06 20:56:45

Hello,

You can achieve this by using the "Match" directive in sshd_config then restarting the sshd service.

Code: Select all

Match Group linuxsa
     AuthenticationMethods publickey,password
Anyone in the linuxsa group will need to have both before they will authenticate using ssh.

Hope this helps.
Last edited by bhoffmann on 2018/07/09 12:14:37, edited 1 time in total.
Bruce Hoffmann
Unix System Administrator
Sprint

cmdlineidiot
Posts: 2
Joined: 2018/07/03 08:38:07

Re: SSH 2-Factor Auth required for select users

Post by cmdlineidiot » 2018/07/09 09:13:54

Thank you so much bhoffmann, this was exactly what I was looking for!!

Post Reply