ubuntu 20, 22, 24
sssd.conf
[prompting/password]
password_prompt = my_password :
ubuntu 20, 22, 24
[prompting/2fa]
single_prompt = False
first_prompt = 2fa_Password :
second_prompt = 2fa_otp :
But when I try ssh testuer@localhost, it always asks me "Password:"
I tried to change sssd.conf and also tried /etc/pam.d/

/etc/pam.d/sshd
@include common-auth
account required pam_nologin.so
@include common-account
.....

/etc/pam.d/common-auth
auth [success=2 default=ignore] pam_unix.so nullok <-------- I changed it as
auth [success=2 default=ignore] pam_unix.so nullok authtok_prompt=my_password:
auth [success=1 default=ignore] pam_sss.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so
But nothing works. How can I change the default password prompt?
On Tue, Jun 18, 2024 at 06:24:46AM -0000, seojeong kim wrote:
> ubuntu 20, 22, 24
> sssd.conf
> [prompting/password]
> password_prompt = my_password :
> ubuntu 20, 22, 24
> [prompting/2fa]
> single_prompt = False
> first_prompt = 2fa_Password :
> second_prompt = 2fa_otp :
> But when I try ssh testuer@localhost, it always asks me "Password:"
Hi,
I would expect that this prompt is generated by the 'ssh' client program directly. Please note that ssh has (at least) two authentication mechanisms which prompt the user: PasswordAuthentication and KbdInteractiveAuthentication (which was formerly known as ChallengeResponseAuthentication).
PasswordAuthentication is strictly password authentication and because of this the prompt is generated by the 'ssh' client program directly.
KbdInteractiveAuthentication allows a flexible dialog between the client and the server and hence here the prompting is driven by the server side (i.e. the PAM modules in your setup).
So if you disable PasswordAuthentication and enable KbdInteractiveAuthentication in /etc/ssh/sshd_config on the server side and restart sshd, you should hopefully see the new prompts.
bye, Sumit
> I tried to change sssd.conf and also tried /etc/pam.d/
>
> /etc/pam.d/sshd
> @include common-auth
> account required pam_nologin.so
> @include common-account
> .....
>
> /etc/pam.d/common-auth
> auth [success=2 default=ignore] pam_unix.so nullok <-------- I changed it as
> auth [success=2 default=ignore] pam_unix.so nullok authtok_prompt=my_password:
> auth [success=1 default=ignore] pam_sss.so use_first_pass
> auth requisite pam_deny.so
> auth required pam_permit.so
> auth optional pam_cap.so
>
> But nothing works. How can I change the default password prompt?
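Added example, not part of the thread: a shell function that applies the distinction from the reply above to effective server settings in the lowercase "keyword value" form printed by `sshd -T`, and reports whether the prompt text comes from the server's PAM stack or from the ssh client. The function name, the verdict words and the sample settings are constructed for illustration; requiring UsePAM for server-driven prompts is an assumption that matches the PAM setup in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies which side produces the
# password prompt, given sshd settings as "keyword value" lines on stdin.

prompt_source() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" { pw  = val }
        key == "usepam"                 { pam = val }
        # ChallengeResponseAuthentication is the former name of the same
        # switch, so either keyword set to yes counts as enabled here.
        (key == "kbdinteractiveauthentication" ||
         key == "challengeresponseauthentication") && val == "yes" { kbd = "yes" }
        END {
            # Assumption: keyboard-interactive is backed by PAM on this host.
            server = (kbd == "yes" && pam == "yes")
            if (server && pw == "yes") print "mixed"   # PAM prompts, client prompt also offered
            else if (server)           print "server"  # prompt text comes from the PAM stack
            else if (pw == "yes")      print "client"  # prompt is printed by the ssh client
            else                       print "none"    # no interactive password method
        }'
}

# Constructed sample settings, not captured from a real host.
sample_client_only='passwordauthentication yes
kbdinteractiveauthentication no
usepam yes'

# The combination suggested in the reply above.
sample_suggested='passwordauthentication no
kbdinteractiveauthentication yes
usepam yes'

sample_both='passwordauthentication yes
kbdinteractiveauthentication yes
usepam yes'

for s in "$sample_client_only" "$sample_suggested" "$sample_both"; do
    printf '%s\n' "$s" | prompt_source
done
```

On a live server the same function can be fed from `sshd -T | prompt_source`, run as root after editing /etc/ssh/sshd_config and before restarting sshd.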
I appreciate your feedback. ChallengeResponseAuthentication was already configured as 'yes'. I've successfully changed the 2fa auth prompt after changing the common-auth file.
But now I face another problem. For a 2fa user, I just press enter for pwd and otp.
First Factor: Second Factor:
First Factor: Second Factor:
First Factor: Second Factor:
ereen-test@10.10.212.41's password: Permission denied, please try again.
ereen-test@10.10.212.41's password: Permission denied, please try again.
For the users of password auth type, it's also like
Password:
Password:
Password:
ereen-test@10.10.212.96's password: Permission denied, please try again.
ereen-test@10.10.212.96's password: Permission denied, please try again.
ereen-test@10.10.212.96's password:
MaxAuthTries: its default value is 6. So I understand it asks 6 times, but why does the authentication prompt for the 2fa user become different at the 4th prompt? Is there anything I should change for this?
sssd-users@lists.fedorahosted.org