KNEL/KNELConfigMgmt-FetchApply
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
43d6003128d27bb74dab3327924646ba313bb634
KNELConfigMgmt-FetchApply/initializers/2fa/configs/sshd-2fa-config
Charles N Wyble 43d6003128 feat(2fa): add PAM and SSH configuration for Google Authenticator 
Add configuration files required for two-factor authentication
via Google Authenticator:

- sshd-pam: PAM configuration integrating Google Authenticator
  with standard Unix authentication, using nullok for gradual
  rollout allowing users without 2FA to still authenticate

- sshd-2fa-config: SSH daemon configuration additions enabling
  ChallengeResponseAuthentication and KeyboardInteractive
  authentication methods required for 2FA flow

These configs support the KNEL security baseline requiring 2FA
for SSH access while maintaining backward compatibility during
user onboarding.

Related: KNELServerBuild/ProjectCode/Modules/Security/secharden-2fa.sh
2026-02-17 16:31:37 -05:00

12 lines
326 B
Plaintext
Raw Blame History

# KNEL SSH 2FA Configuration Additions
# These settings enable two-factor authentication with SSH keys
# Enable challenge-response authentication for 2FA
ChallengeResponseAuthentication yes
# Enable PAM
UsePAM yes
# Require both publickey AND keyboard-interactive (2FA)
AuthenticationMethods publickey,keyboard-interactive
View Git Blame Copy Permalink