This is an example configuration of PingID SSH for PAM on HP-UX.
Note: This assumes that you specified
--prefix=/usr/local
in the configure command.- Create a backup of the common PAM configuration file, /etc/pam.conf.
-
Edit the /etc/pam.conf file as follows:
- To add MFA to SSH: Change the lines starting with
sshd:From:
To:sshd auth required libpam_hpsec.so.1 sshd auth required libpam_unix.so.1
sshd auth required libpam_hpsec.so.1 sshd auth required /usr/lib/security/pam_pingid.so
- Apply PingID to SSH by editing the sshd_config
file:
sudo vi /opt/ssh/etc/sshd_config
- Set UsePAM to ‘yes’, ChallengeResponseAuthentication to ‘yes’ and PasswordAuthentication to ‘no’.
- Configure PAM for public key authentication by adding the following line to the SSHD
configuration
file,sshd_config:
AuthenticationMethods publickey,keyboard-interactive
Note:To check the OpenSSH version, runssh -V
- Restart the sshd
service:
sudo /sbin/init.d/secsh stop sudo /sbin/init.d/secsh start
- Apply PingID to SSH by editing the sshd_config
file:
- To add MFA to SU: Change the lines starting with
su:From:
To:su auth required libpam_hpsec.so.1 bypass_setaud su auth required libpam_unix.so.1
su auth required libpam_hpsec.so.1 bypass_setaud su auth requisite libpam_unix.so.1 su auth required /usr/lib/security/pam_pingid.so
- To add MFA to SSH: Change the lines starting with
sshd: