Otdfbt

Illustrating that universal optimality is stronger than sphere packing

Ribbon Cable Cross Talk - Is there a fix after the fact?

Adobe Illustrator: How can I change the profile of a dashed stroke?

Are there historical examples of audiences drawn to a work that was "so bad it's good"?

Why is this integration method not valid?

amsmath: How can I use the equation numbering and label manually and anywhere?

Proto-Indo-European (PIE) words with IPA

Keeping the dodos out of the field

why "American-born", not "America-born"?

How many wires should be in a new thermostat cable?

size of pointers and architecture

Salesforce bug enabled "Modify All"

How could the B-29 bomber back up under its own power?

csname in newenviroment

Is being an extrovert a necessary condition to be a manager?

Real Analysis: Proof of the equivalent definitions of the derivative.

Is there an idiom that means that you are in a very strong negotiation position in a negotiation?

If a character has cast the Fly spell on themselves, can they "hand off" to the Levitate spell without interruption?

Make the `diff` command look only for differences from a specified range of lines

How did the Allies achieve air superiority on Sicily?

What is this dime sized black bug with white on the segments near Loveland Colorodao?

Is the default 512 byte physical sector size appropriate for SSD disks under Linux?

Singular Integration

Coloring lines in a graph the same color if they are the same length

SSH disabling google-authenticator from specific IP

Two Factor SSH Authentication on external address onlySSH Google Authenticator Ignore/Whitelist ipsCentos 5 VPS: sshd freezesSsh autorestart remote tunnel reliability problemsLoggin in ssh server: Permission denied, please try againDifferent “RequiredAuthentications2” for sshd and sftp subsystemSSH Authentication using RADIUS + Google AuthenticatorOpenSSH use (public key or password) + google authenticatorCentOS 7 SSH and 2FA (ESET Secure Authentication)Use a different password for SSH access from local loginIs the configuration I want possible? Problems with SSH to Redhat server using google authentication 2faRequire SSH key + Google Authenticator for one account, SSH key only for another

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

I have setup google-authenticator as 2FA together with publickey authentication. What I need is to skip the 2FA when connecting by SSH from specific IP.

I'm running Ubuntu 18.04.

Relevant snippet from of /etc/pam.d/sshd

# PAM configuration for the Secure Shell service
# Standard Un*x authentication.
#@include common-auth
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so

# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so

# Standard Un*x authorization.
@include common-account

/etc/security/access-local.conf

#localhost doesn't need two step verification
+ : ALL : 192.168.1.20
#All other hosts need two step verification
- : ALL : ALL

/etc/ssh/sshd_config

PermitRootLogin no 

PubkeyAuthentication yes

AuthenticationMethods publickey,keyboard-interactive:pam

/etc/ssh/ssh_known_hosts

PasswordAuthentication no

ChallengeResponseAuthentication yes

UsePAM yes

X11Forwarding no

AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

The result

Permission denied (keyboard-interactive).

I have restarted sshd after every change, even tried to reboot the machine.

Before marking this as a duplicate I have tried all these answers, none of them seems to work, also several other resources on the Internet:

SSH Google Authenticator Ignore/Whitelist ips

Two Factor SSH Authentication on external address only

At this point I'm not sure what am I missing.

Edit: I changed the question, the original was about connecting from localhost which as was pointed out by michael-hampton in the comments was useless. Thanks.

ubuntu ssh pam ubuntu-18.04 google-authenticator

share|improve this question

edited May 8 at 16:17

J91321

asked May 8 at 11:38

J91321J91321

1164

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Why are you having ansible ssh to the local host?
  
  – Michael Hampton♦
  May 8 at 14:35
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I didn't read the documentation and automatically assumed it needed SSH access without actually checking. Well that was a waste of time. I'll edit the question, because it still has problems when using remote IP.
  
  – J91321
  May 8 at 16:08
  

  
  
  
  

add a comment | 

0

I have setup google-authenticator as 2FA together with publickey authentication. What I need is to skip the 2FA when connecting by SSH from specific IP.

I'm running Ubuntu 18.04.

Relevant snippet from of /etc/pam.d/sshd

# PAM configuration for the Secure Shell service
# Standard Un*x authentication.
#@include common-auth
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so

# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so

# Standard Un*x authorization.
@include common-account

/etc/security/access-local.conf

#localhost doesn't need two step verification
+ : ALL : 192.168.1.20
#All other hosts need two step verification
- : ALL : ALL

/etc/ssh/sshd_config

PermitRootLogin no 

PubkeyAuthentication yes

AuthenticationMethods publickey,keyboard-interactive:pam

/etc/ssh/ssh_known_hosts

PasswordAuthentication no

ChallengeResponseAuthentication yes

UsePAM yes

X11Forwarding no

AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

The result

Permission denied (keyboard-interactive).

I have restarted sshd after every change, even tried to reboot the machine.

Before marking this as a duplicate I have tried all these answers, none of them seems to work, also several other resources on the Internet:

SSH Google Authenticator Ignore/Whitelist ips

Two Factor SSH Authentication on external address only

At this point I'm not sure what am I missing.

Edit: I changed the question, the original was about connecting from localhost which as was pointed out by michael-hampton in the comments was useless. Thanks.

ubuntu ssh pam ubuntu-18.04 google-authenticator

share|improve this question

edited May 8 at 16:17

J91321

asked May 8 at 11:38

J91321J91321

1164

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Why are you having ansible ssh to the local host?
  
  – Michael Hampton♦
  May 8 at 14:35
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I didn't read the documentation and automatically assumed it needed SSH access without actually checking. Well that was a waste of time. I'll edit the question, because it still has problems when using remote IP.
  
  – J91321
  May 8 at 16:08
  

  
  
  
  

add a comment | 

I have setup google-authenticator as 2FA together with publickey authentication. What I need is to skip the 2FA when connecting by SSH from specific IP.

I'm running Ubuntu 18.04.

Relevant snippet from of /etc/pam.d/sshd

# PAM configuration for the Secure Shell service
# Standard Un*x authentication.
#@include common-auth
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so

# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so

# Standard Un*x authorization.
@include common-account

/etc/security/access-local.conf

#localhost doesn't need two step verification
+ : ALL : 192.168.1.20
#All other hosts need two step verification
- : ALL : ALL

/etc/ssh/sshd_config

PermitRootLogin no 

PubkeyAuthentication yes

AuthenticationMethods publickey,keyboard-interactive:pam

/etc/ssh/ssh_known_hosts

PasswordAuthentication no

ChallengeResponseAuthentication yes

UsePAM yes

X11Forwarding no

AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

The result

Permission denied (keyboard-interactive).

I have restarted sshd after every change, even tried to reboot the machine.

Before marking this as a duplicate I have tried all these answers, none of them seems to work, also several other resources on the Internet:

SSH Google Authenticator Ignore/Whitelist ips

Two Factor SSH Authentication on external address only

At this point I'm not sure what am I missing.

Edit: I changed the question, the original was about connecting from localhost which as was pointed out by michael-hampton in the comments was useless. Thanks.

ubuntu ssh pam ubuntu-18.04 google-authenticator

share|improve this question

edited May 8 at 16:17

J91321

asked May 8 at 11:38

J91321J91321

1164

# PAM configuration for the Secure Shell service
# Standard Un*x authentication.
#@include common-auth
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so

# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so

# Standard Un*x authorization.
@include common-account

#localhost doesn't need two step verification
+ : ALL : 192.168.1.20
#All other hosts need two step verification
- : ALL : ALL

PermitRootLogin no 

PubkeyAuthentication yes

AuthenticationMethods publickey,keyboard-interactive:pam

/etc/ssh/ssh_known_hosts

PasswordAuthentication no

ChallengeResponseAuthentication yes

UsePAM yes

X11Forwarding no

AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

Permission denied (keyboard-interactive).

share|improve this question

edited May 8 at 16:17

J91321

asked May 8 at 11:38

J91321J91321

1164

share|improve this question

edited May 8 at 16:17

J91321

asked May 8 at 11:38

J91321J91321

1164

asked May 8 at 11:38

J91321J91321

1164

asked May 8 at 11:38

J91321J91321

1164