Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

4
  • This configuration will allow authentication with SSH key but then will ask user password and then the verification code. Commented Dec 4, 2020 at 9:10
  • @yurtesen Are you sure, did we try that latter approach? I get the idea that we would have to configure (per user) whether to use password or key-basd auth. It's not super-pretty but it could work if we can't make it work in any other way... Commented Dec 15, 2020 at 14:08
  • @PerLundberg first of all if you check, he has same methods for all and per user config. But more importantly publickey authentication does NOT support 2FA. At the same time you can only have 1 type of keyboard-interactive. You can have password, password+totp or totp only based on PAM configuration.If you set keyboard-interactive to use only TOTP, then people can login only with TOTP passwords but they can't login using normal passwords anymore. Try on your Linux machine :) Commented Dec 15, 2020 at 15:31
  • Thanks @yurtesen. Yes, I will play around with this a bit more at some point to see if I can find a solution. Commented Dec 17, 2020 at 8:05