Configuration example of PAM for Ubuntu/Debian
This is an example configuration of PingID SSH for PAM on Ubuntu and Debian distributions.
About this task
This process assumes that you specified |
Steps
-
Edit the relevant PAM
conf
file.sudo vim /etc/pam.d/common-auth
-
Replace the line:
auth [success=1 default=ignore] pam_unix.so nullok_secure
with these lines:
auth requisite pam_unix.so nullok_secure auth [success=1 default=ignore] /lib/security/pam_pingid.so
-
Apply PingID to SSH by editing the
sshd_config
file:-
Run
sudo vi /etc/ssh/sshd_config
-
Set the following parameters:
-
UsePAM
toyes
-
KbdInteractiveAuthentication
toyes
-
PasswordAuthentication
tono
-
-
-
Optionally, configure PAM for public key authentication by adding the following line to the SSHD configuration file,
sshd_config
.AuthenticationMethods publickey,keyboard-interactive
Remove
pam_unix.so
from the PAM configuration for SSHD, to prevent display of a password prompt for the keyboard-interactive authentication method.To check the OpenSSH version, run
ssh -V
. -
Restart the sshd service.
sudo service sshd restart
Next steps
Pair the end user device.