Note: For more information about required web access, see PingID required domains, URLs, and ports.
Secure Shell (SSH)
SSH is an encrypted network protocol, which provides a remote or local secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server.
Pluggable authentication module (PAM)
PAM is a mechanism to integrate low-level authentication schemes into a high-level API. Applications that rely on authentication can be developed independently of the underlying authentication scheme.
ForceCommand
ForceCommand safely executes remote commands through SSH. ForceCommand can be associated with the SSH configuration of authorized keys.
Note:
Limitation of ForceCommand
When PingID MFA is configured through ForceCommand, SSH commands that do not support interactive sessions, such as scp and sftp, do not allow authentication with a one-time Passcode (OTP).

This limitation does not apply when:

  • Authenticating using a mobile device (push).
  • PingID MFA is configured though the PAM module.
CAUTION:

Adding multi-factor authentication (MFA) to a Unix or Linux system might result in locking you out of the system. To minimize this risk, back up your system before beginning an installation, and during an installation, keep a separate open session with root permissions.

Obtaining the PingID properties file for SSH

A PingID properties file is required during the installation of the PingID SSH agent.

Properties files may have full or restricted permissions. Full permissions should be used with care: They enable on-the-fly enrollment, device management and authentication which may not be desirable. For information on downloading the PingID properties file, see Managing the PingID properties file.