This procedure is an example configuration of PingID SSH for PAM on Red Hat.
Note: This assumes that you specified
--prefix=/usr
in the configure
command.-
Edit the relevant PAM
conf
file.sudo vi /etc/pam.d/system-auth
-
Replace this line:
with these lines:auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_unix.so nullok try_first_pass auth sufficient pam_pingid.so
-
Apply PingID to SSH by editing the sshd_config file:
-
Run
sudo vi /etc/ssh/sshd_config
-
Set the following parameters:
- usePAM to yes
- ChallengeResponseAuthentication to yes
- PasswordAuthentication to no
-
Run
-
Configure PAM for public key authentication by adding the following line to the
SSHD configuration file, sshd_config.
AuthenticationMethods publickey,keyboard-interactive
Remove pam_unix.so from the PAM configuration for SSHD, to prevent display of a password prompt for the keyboard-interactive authentication method.
Note:PAM authentication is supported for SSHD with public key authentication, only when using OpenSSH 6.2 and later.
To check the OpenSSH version, run ssh -V.
-
Restart the sshd service.
sudo service sshd restart