KNEL/KNELConfigMgmt-FetchApply
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
3f5ca4c9a6a54ddc01ebb2fe7d5030bbaf80472b
KNELConfigMgmt-FetchApply/initializers/2fa/configs/sshd-2fa-config
Charles N Wyble 43d6003128 feat(2fa): add PAM and SSH configuration for Google Authenticator 
Add configuration files required for two-factor authentication
via Google Authenticator:

- sshd-pam: PAM configuration integrating Google Authenticator
  with standard Unix authentication, using nullok for gradual
  rollout allowing users without 2FA to still authenticate

- sshd-2fa-config: SSH daemon configuration additions enabling
  ChallengeResponseAuthentication and KeyboardInteractive
  authentication methods required for 2FA flow

These configs support the KNEL security baseline requiring 2FA
for SSH access while maintaining backward compatibility during
user onboarding.

Related: KNELServerBuild/ProjectCode/Modules/Security/secharden-2fa.sh
2026-02-17 16:31:37 -05:00

12 lines
326 B
Plaintext
Raw Blame History

# KNEL SSH 2FA Configuration Additions
# These settings enable two-factor authentication with SSH keys
# Enable challenge-response authentication for 2FA
ChallengeResponseAuthentication yes
# Enable PAM
UsePAM yes
# Require both publickey AND keyboard-interactive (2FA)
AuthenticationMethods publickey,keyboard-interactive
View Git Blame Copy Permalink