Configure the PingID SSH installation to enable it to work with ForceCommand.
Important:
While changing SSHD or PAM configurations, keep an open session with root permissions. This will allow you to reverse any changes without being locked out of the server.
Note:
Limitation of ForceCommand:
When PingID MFA is configured via ForceCommand, SSH commands that don't support interactive sessions (for example, scp and sftp) do not allow authentication with a One Time Passcode (OTP).
The above limitation does not apply when authenticating using a mobile device (push).
This procedure assumes that PingID was installed with
--prefix=/usr
: