login to myserver with 2 factor authentication, enabled on SSH with googles authenticator

Advertisement

KevinRoberts
Joined:
Posts:
1
Location:
United States

login to myserver with 2 factor authentication, enabled on SSH with googles authenticator

Hello,
I am new to this forum, and I am having a problem I just enabled 2 factor auth using the google authenticator pam module that you can use to use googles authenticator. I have everything setup and have challenge responce option set to yes in my sshd_config and it works with PUTTY just fine, it askes me what user I want to login as, then it says keyboard interaction prompts from server then it says password, then after it asks me for the code which I get from the google authenticator app on my Phone. and that works with loging in but with winSCP when I log in to the same user, it says edit protected like it wants a password I try using a code from the app again, and it doesn't like it I try entering my user password and it still doesn't like it so I am not sure what is going on I have use keyboard interact in the advanced settings on the session that am trying to log in to. Also I am a blind user of WinSCP just so you all know. I am running WinSCP Version 5.15.2 (Build 9590)
Any help with this would be great I would like to have this as a better security methid for anyone who logs in to the server weather that would be SSH or Sftp.
Thanks
Kevin Roberts
PS the server I have this setup is arch linux 2018 with the libpam-google-authenticator module installed.
Thanks
Kevin Roberts

Reply with quote E-mail

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
32,073
Location:
Prague, Czechia

Re: login to myserver with 2 factor authentication, enabled on SSH with googles authenticator

Please attach a full session log file showing the problem (using the latest version of WinSCP).

To generate the session log file, enable logging, log in to your server and do the operation and only the operation that causes the error. Submit the log with your post as an attachment. Note that passwords and passphrases not stored in the log. You may want to remove other data you consider sensitive though, such as host names, IP addresses, account names or file names (unless they are relevant to the problem). If you do not want to post the log publicly, you can mark the attachment as private.

Reply with quote

Advertisement

You can post new topics in this forum