Ticket #9138: sshd_config.patch

File sshd_config.patch, 1.2 KB (added by DkSoul, 5 years ago)

Patch to modify openssh-server configuration to enable Google Authentication

  • etc/pam.d/sshd

    diff -Naur a/etc/pam.d/sshd b/etc/pam.d/sshd
    a b  
    77# Skip Google Authenticator if logging in from the local network. 
    88# auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-sshd-local.conf 
    99# Google Authenticator 2-step verification. 
    10 # auth       requisite    pam_google_authenticator.so 
     10auth       requisite    pam_google_authenticator.so 
    1111 
    1212# Standard Un*x authentication. 
    1313auth       include      common-auth 
  • etc/ssh/sshd_config

    diff -Naur a/etc/ssh/sshd_config b/etc/ssh/sshd_config
    a b  
    5757#IgnoreRhosts yes 
    5858 
    5959# To disable tunneled clear text passwords, change to no here! 
    60 #PasswordAuthentication yes 
    61 #PermitEmptyPasswords no 
     60PasswordAuthentication no 
     61PermitEmptyPasswords no 
    6262 
    6363# Change to no to disable s/key passwords 
    64 #ChallengeResponseAuthentication yes 
     64ChallengeResponseAuthentication yes 
    6565 
    6666# Kerberos options 
    6767#KerberosAuthentication no 
     
    8282# If you just want the PAM account and session checks to run without 
    8383# PAM authentication, then enable this but set PasswordAuthentication 
    8484# and ChallengeResponseAuthentication to 'no'. 
    85 #UsePAM no 
     85UsePAM yes 
    8686 
    8787#AllowAgentForwarding yes 
    8888#AllowTcpForwarding yes