[Linux] Handling Accounts That Don't Have OTP Set Up

  • OS Version: Redhat 7.5
  • OTP Version: Google Two Factor Authentication

Some people set up two-factor authentication on the ssh service while some of the accounts haven't set up OTP yet. This post shows how to let those accounts skip the OTP login.

Problem

When you try to log in over ssh, you will probably see this,

and even if you type the right password, you still cannot log in to the server. The reason is that the OTP configuration affects all accounts that try to log in over ssh.

Solution

You have to modify the config so that some accounts can skip the OTP.

Original Config

You will probably see the config below in your /etc/pam.d/sshd file.

auth    required pam_google_authenticator.so

Fix Config

auth    required pam_google_authenticator.so nullok

That's all.
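
With nullok, any account that has no OTP secret file is let through with its password alone, so it is worth knowing which accounts those are. The script below is an added example, not part of the original post; it assumes the module's default secret file ~/.google_authenticator (no secret= option on the PAM line), and the function names and demo accounts are constructed.

```shell
#!/bin/sh
# Audit helper: list accounts that can get a shell but have no OTP secret,
# i.e. the accounts that "nullok" admits without a second factor.
# Usage: list_unenrolled [passwd-file] [secret-file-name]
list_unenrolled() {
    passwd_file=${1:-/etc/passwd}
    # Assumption: default secret location of pam_google_authenticator.so.
    secret_name=${2:-.google_authenticator}
    while IFS=: read -r user pw uid gid gecos home shell; do
        # Skip blank lines and comments.
        case "$user" in ''|\#*) continue ;; esac
        # Skip accounts whose shell refuses interactive logins.
        case "$shell" in */nologin|*/false) continue ;; esac
        # No secret file, or an empty one, means OTP is not enrolled.
        if [ ! -s "$home/$secret_name" ]; then
            printf '%s\n' "$user"
        fi
    done < "$passwd_file"
}

# Constructed demo data (not real accounts): alice is enrolled, bob is not,
# daemon has no login shell and is ignored.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/home/alice" "$d/home/bob"
    echo 'CONSTRUCTED-SECRET' > "$d/home/alice/.google_authenticator"
    cat > "$d/passwd" <<EOF
alice:x:1000:1000::$d/home/alice:/bin/bash
bob:x:1001:1001::$d/home/bob:/bin/bash
daemon:x:2:2::/sbin:/sbin/nologin
EOF
    list_unenrolled "$d/passwd"
    rm -rf "$d"
}

demo
```

On a real host, call list_unenrolled with no arguments as root so that every home directory can be inspected.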
