Configuration example of PAM for Red Hat
This procedure is an example configuration of PingID SSH for PAM on Red Hat.
About this task
This assumes that you specified |
Steps
-
Edit the relevant PAM
conf
file.sudo vi /etc/pam.d/system-auth
-
Replace this line:
auth sufficient pam_unix.so nullok try_first_pass
with these lines:
auth requisite pam_unix.so nullok try_first_pass auth sufficient pam_pingid.so
-
Apply PingID to SSH by editing the
sshd_config
file:-
Run
sudo vi /etc/ssh/sshd_config
-
Set the following parameters:
-
usePAM
toyes
-
ChallengeResponseAuthentication
toyes
-
PasswordAuthentication
tono
-
-
-
Configure PAM for public key authentication by adding the following line to the SSHD configuration file,
sshd_config
.AuthenticationMethods publickey,keyboard-interactive
Remove
pam_unix.so
from the PAM configuration for SSHD, to prevent display of a password prompt for the keyboard-interactive authentication method.PAM authentication is supported for SSHD with public key authentication, only when using OpenSSH 6.2 and later.
To check the OpenSSH version, run
ssh -V
. -
Restart the sshd service.
sudo service sshd restart