Is there a way to force a 2-Factor Authentication Code for SSH if a key is used?
Specifically with pam_google_authenticator.so
Regular SSH password login:
Code:
$ ssh terry@11.11.11.11
Verification code:
Password:
SSH login using key:
Code:
$ ssh terry@11.11.11.11
Last login: Tue Aug 9 19:32:39 2016 from 11.11.11.12
[terry@centos7 ~]$
In sshd_config, if I have:
Code:
AuthenticationMethods keyboard-interactive
it requires the code and a password.
If I have:
Code:
AuthenticationMethods publickey
It allow access with no code.
So basically it looks like it needs keyboard-interactive for the code, but also requires a password if that's set.
If there another option for code and key?
How can I get it to ask for the Verification Code before accepting the key?