我正在尝试根据以下内容设置双因素身份验证:https://duo.com/docs/duounix#pam-configuration
我在使用交互式键盘时遇到了问题。在 Ubuntu 16.04 上
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (keyboard-interactive).
我不知道问题出在哪里,我想知道是否有人有任何想法。通常,以下内容会提示请求推送通知的文本。这似乎是 PAM 的问题。感谢您的想法。
通用认证
auth requisite pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
我已将其添加到 ssh pam 文件中
auth [success=1 default=ignore] pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so//
auth [success=1 default=ignore] pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so
我的 sshd 配置文件有
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
#AuthorizedKeysFile %h/.ssh/authorized_keys
AuthenticationMethods publickey,keyboard-interactive
UsePAM yes
答案1
我遇到了同样的问题。如果你查看 /var/log/auth.log,你会看到 pam 抱怨缺少 pam_duo.so
将 pam 配置中 pam_duo.so 的所有引用更新为 /lib64/security/pam_duo.so