


Linux PAM: SSH key + 2FA (google authenticator) + password - Specify auth requirements per user

















I have installed and configured PAM on my Ubuntu server which is working correctly. To log in I want to require an SSH Key to be installed, a password to be provided and a valid code from an authenticator app.



The issue that I have is that I would like to add exceptions to these requirements on a per-user basis.



For example, I want to enforce all of these auth methods for my user account, but specify another user (git - for my GitLab installation) to be accessed by SSH key only (no password or 2FA code required) so the push and pull behaviour works.



The only way I have found to get round this at the moment is to set auth required pam_google_authenticator.so nullok in the /etc/pam.d/sshd file, so the 2FA part is optional, as well as commenting out the @include common-auth line. This however means that while the 2FA part works, I am no longer asked for my password on my main account.



I have tried to do the following:



auth [success=1 default=ignore] pam_succeed_if.so user in git
@include common-auth


but this doesn't seem to work.



What do I need to do to enable all of the above auth methods by default, but add exceptions for specific user accounts like git etc?










      ubuntu ssh bash pam google-authenticator






asked May 9 at 7:27

Ben Turner




















          1 Answer
Let's break down these requirements a bit.

Configuring SSH

First, in order to require public keys and a password to be provided, you need to modify your /etc/ssh/sshd_config by adding this line:

AuthenticationMethods publickey,keyboard-interactive

This way, everyone must have a public key, and must be able to provide their password upon login.

To make exceptions, use the Match block. For example, let's assume that users who aren't restricted are in the come-as-please group. Then add these lines to the end of the sshd_config file:

Match Group come-as-please
AuthenticationMethods publickey keyboard-interactive

Note the absence of the comma, which means that members of the group may use either public key, or keyboard-interactive (password) authentication.

Configuring google-authenticator

To use the google authenticator module, you need to modify the /etc/pam.d/sshd file. After the

@include common-auth

line, add this one:

auth required pam_google_authenticator.so nullok

Also, in order to enable two-factor authentication, you need to modify your /etc/ssh/sshd_config file, adding this line:

ChallengeResponseAuthentication yes

After this, restart the SSH daemon.

Setting user access

After the above modifications, you have the following access settings:

• Every user must have a public key installed, and must supply a password.

• If there is a .google_authenticator file in the user's home directory, then they must supply the corresponding authenticator code as well.

• Anyone who is a member of the come-as-please group:

  • If they have a public key installed, they do not need to supply a password or the authenticator code, whether they have the .google_authenticator file in their home or not,

  • If they don't have a public key installed, they need to specify a password. They need to supply the authenticator code if the .google_authenticator file exists in their home directory.






answered May 9 at 10:33

Lacek
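The comma/space and Match-block behaviour discussed in the answer above can be checked offline with a small audit script. This is an added example, not part of the original post or of OpenSSH: the sample config, the `Match User git` block, the account names and all function names are constructed for illustration, and only `Match User` / `Match Group` with exact names are modelled.

```python
"""Model how sshd resolves AuthenticationMethods per account (added example)."""

# Constructed sample: the answer's settings plus a hypothetical key-only block
# for the git account mentioned in the question.
SAMPLE_SSHD_CONFIG = """\
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive

Match Group come-as-please
    AuthenticationMethods publickey keyboard-interactive

Match User git
    AuthenticationMethods publickey
"""


def match_applies(criteria, user, groups):
    """True if every criterion on a Match line holds (User/Group only)."""
    tokens = criteria.split()
    if not tokens or len(tokens) % 2:
        return False  # e.g. "Match All": not evaluated by this model
    for key, patterns in zip(tokens[0::2], tokens[1::2]):
        names = set(patterns.split(","))
        if key.lower() == "user":
            if user not in names:
                return False
        elif key.lower() == "group":
            if not names & set(groups):
                return False
        else:
            return False  # Host, Address, ...: not evaluated by this model
    return True


def effective_methods(config_text, user, groups=()):
    """Return the AuthenticationMethods lists in force for this account.

    Each inner list is a comma-separated chain (all methods required);
    separate lists are alternatives (any one chain is sufficient).
    """
    global_value = match_value = None
    in_match, active = False, True
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        args = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            in_match, active = True, match_applies(args, user, groups)
        elif keyword == "authenticationmethods" and active:
            lists = [chain.split(",") for chain in args.split()]
            if in_match:
                if match_value is None:   # first satisfied Match block wins
                    match_value = lists
            elif global_value is None:    # first global value wins
                global_value = lists
    # A satisfied Match block overrides the global section; sshd's default is "any".
    return match_value or global_value or [["any"]]


def single_method_paths(lists):
    """Chains completed by one SSH method alone. What keyboard-interactive
    actually prompts for (password, TOTP code) is decided by the PAM stack."""
    return [chain for chain in lists if len(chain) == 1]


def audit(config_text, accounts):
    """Map each account to its accepted chains and its single-method chains."""
    report = {}
    for user, groups in accounts.items():
        lists = effective_methods(config_text, user, groups)
        report[user] = {"accepted": lists, "single_method": single_method_paths(lists)}
    return report


if __name__ == "__main__":
    accounts = {  # constructed accounts and group memberships
        "ben": ["ben"],
        "git": ["git"],
        "deploy": ["deploy", "come-as-please"],
    }
    for user, result in audit(SAMPLE_SSHD_CONFIG, accounts).items():
        print(user, result)
```

On a live host, `sshd -T -C user=git,host=localhost,addr=127.0.0.1` prints the settings sshd itself resolves for that connection, which is the authoritative check.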


























