Note:

This process assumes that you specified --prefix=/usr in the configure command or installed from the binary package.

  1. Edit the relevant PAM conffile. 
    sudo vim /etc/pam.d/common-auth
  2. Replace the line: 
    auth  [success=1 default=ignore]  pam_unix.so nullok_secure
    with these lines:
    auth requisite pam_unix.so nullok_secure
auth  [success=1 default=ignore]  /lib64/security/pam_pingid.so
  3. Apply PingID to SSH by editing the sshd_config file:
    1. Run 
      sudo vi /etc/ssh/sshd_config
    2. Set the following parameters:
      • UsePAM to yes
      • ChallengeResponseAuthentication to yes
      • PasswordAuthentication to no
  4. Configure PAM for public key authentication by adding the following line to the SSHD configuration file, sshd_config. 
    AuthenticationMethods publickey,keyboard-interactive

    Remove pam_unix.so from the PAM configuration for SSHD, to prevent display of a password prompt for the keyboard-interactive authentication method.

    Note:

    To check the OpenSSH version, run ssh -V.

  5. Restart the sshd service.

    sudo service sshd restart