Old 06-12-2018, 10:07 AM   #1
davidpar007
LQ Newbie
 
Registered: Jun 2018
Posts: 2

Rep: Reputation: Disabled
Allow service account SSH login without 2FA


I have a Windows 2012 AD server and all of the Linux computers (CentOS) are joined to AD.

Recently, Quest Defender 2FA has been activated, so all domain users require a soft token when they SSH to any of the CentOS systems. Now I need to exclude some of the domain service accounts from 2FA when they SSH to CentOS systems for different services.

Here is the current setting:

[root@Linux]# less /etc/pam_radius_acl.conf
sshd:*

[root@Linux]# /etc/pam.d/sshd

auth required pam_sepermit.so
auth requisite pam_defender.so
auth requisite pam_defender.so
auth substack password-auth
auth include postlogin
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_loginuid.so
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
-session optional pam_reauthorize.so prepare

[root@Linux]# less /etc/ssh/sshd_config
UsePAM yes
ChallengeResponseAuthentication yes


Secondly, I want to set up centralized access management, meaning apply a login policy for all the CentOS systems. For example, a user in the admin dept can log in only to CentOS systems which belong to the admin dept. She will not be able to log in to Engineering dept systems using her domain credentials.

Can I configure a GPO on the Windows AD server and push it down to all the Linux systems? My CentOS version is 7.4.

Thanks much.
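
Added example, not part of the original post and not Quest Defender's own configuration: one common way to exempt accounts from a PAM 2FA module is a `pam_succeed_if` jump placed ahead of it, and since the stack above lists `pam_defender.so` twice, the jump count is easy to get wrong. The Python below replays the post's auth lines with a hypothetical exemption line (the group name `svc-no2fa` and the helper names are assumptions) and reports whether the jump skips exactly the Defender lines.

```python
import re

# Constructed input: the auth lines from the /etc/pam.d/sshd in the post, plus a
# hypothetical exemption line; the group name "svc-no2fa" is an assumption.
def stack_with_jump(n):
    return f"""\
auth required pam_sepermit.so
auth [success={n} default=ignore] pam_succeed_if.so quiet user ingroup svc-no2fa
auth requisite pam_defender.so
auth requisite pam_defender.so
auth substack password-auth
auth include postlogin
"""

def parse_auth(stack):
    """Return (control, module, args) for every auth line, in stack order."""
    pat = re.compile(r"-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")
    return [m.groups() for m in map(pat.match, stack.splitlines()) if m]

def modules_run(stack, user_groups):
    """List the modules reached, modelling only the pam_succeed_if [success=N] jump
    (module failures and the contents of included stacks are not simulated)."""
    entries, ran, i = parse_auth(stack), [], 0
    while i < len(entries):
        control, module, args = entries[i]
        i += 1
        if module == "pam_succeed_if.so" and "ingroup" in args:
            group = args.split("ingroup", 1)[1].split()[0]
            jump = re.search(r"success=(\d+)", control)
            if jump and group in user_groups:
                i += int(jump.group(1))      # success: skip the next N lines
            continue                          # default=ignore: fall through
        ran.append(module)
    return ran

def check_exemption(stack, group, mfa="pam_defender.so"):
    """Return findings; an empty list means only the 2FA lines are skipped."""
    exempt, normal = modules_run(stack, {group}), modules_run(stack, set())
    findings = []
    if mfa in exempt:
        findings.append(f"{group} still reaches {mfa}")
    if mfa not in normal:
        findings.append(f"other users bypass {mfa}")
    if [m for m in exempt if m != mfa] != [m for m in normal if m != mfa]:
        findings.append(f"jump also skips modules other than {mfa}")
    return findings

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, check_exemption(stack_with_jump(n), "svc-no2fa") or "ok")
```

A jump of 3 is the case to watch for: it also skips the `password-auth` substack, so the exempt accounts would no longer be checked by it.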
 
Old 06-12-2018, 11:13 AM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,696
Blog Entries: 13

Rep: Reputation: 3914
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.

Your original thread was posted in Linux Newbie, however it appeared to be more appropriate for the Linux Server forum and was moved there.

Here is that thread: AD service account SSH to Centos without 2FA

Meanwhile there have yet to be any replies to that one. Please be patient, some questions are very involved. It is being seen, however no members may as yet have any advice for you. If it remains on the zero reply list (And to keep it there do not reply to that thread) it will continue to be visible to all members as a question not yet offered a solution. If you have new information about your problem, of course, please update that thread. That will also bump the thread. But as seen below, please do not bump threads with no real new information. Zero reply threads automatically get bumped over time, and they will also remain on the zero reply list.

From the LQ Rules (Please consider these tips, they just happen to be shown in that list):
Quote:
  • While almost every question does get an answer, we cannot guarantee a response. If your thread does not receive any responses, it will automatically be bumped twice. Threads should not be manually bumped without including additional information.
  • Do not post the same discussion multiple times. Duplicate discussions can be frustrating for other members. Try and pick the most relevant forum for your post. If you are unsure put it in Linux - General.
 
  


All times are GMT -5. The time now is 04:16 AM.
