[Linux] Avoid Some Account don’t have OTP
Posted On 2019-11-30
- OS Version: Redhat 7.5
- OTP Version: Google Two Factor Authentication
Some people setting two factor authentication on the ssh service, but some of the accout haven't set up OTP yet. Here will tell you how to escape the OTP login.
Problem
When you try to login by ssh and you probably will see this,
and even you type right password you still can not login to the server. The reason is that OTP configuration will affect all accounts that try to log in using ssh.
Solution
You have to modify the config to let some account can escape the OTP.
Original Config
You probabloy will see below config in your <code>/etc/pam.d/sshd</code>
file.
auth required pam_google_authenticator.so
Fix Config
auth required pam_google_authenticator.so nullok
That's all.
Reference
google authenticator for certain users
google-authenticator-libpam / nullok
sshd: How to enable PAM authentication for specific users under
How To Set Up Multi-Factor Authentication for SSH on Ubuntu 16.04