When implementing Multi Factor Authentication (MFA) for linux server with ssh-key and google-authenticator only with no password it was prompting us to enter password for user but we wanted authentication without password.
Steps to solve this:
1. Install google authenticator (centos 64-bit) in a new terminal window:
yum install google-authenticator.x86_64
2. Now vi /etc/pam.d/sshd (add following line at the top):
auth required pam_google_authenticator.so
3. Then vi /etc/ssh/sshd_config:
# Change settings as mentioned below and in same order. ChallengeResponseAuthentication yes UsePAM yes AuthenticationMethods publickey,keyboard-interactive PasswordAuthentication no
4. Then vi /etc/pam.d/sshd:
#auth substack password-auth (comment out)
Save and exit
5. Then service sshd restart.
Leave A Comment