ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-09-13 00:14:18 +08:00
Code Issues Projects Releases Packages Wiki Activity

doc: add more info about root 2FA in sshd_config templates

Browse source
This commit is contained in:
Stéphane Lesimple 2021-12-21 11:15:04 +00:00 committed by Stéphane Lesimple
parent 8b02d610be
commit 415bc9b903
7 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
etc/ssh/sshd_config.centos7
View file

@ -123,7 +123,9 @@ UseDNS no
UsePAM yes UsePAM yes
# === AuthenticationMethods vs potential root OTP vs potential user MFA === # === AuthenticationMethods vs potential root OTP vs potential user MFA ===
# 2FA has been configured for root, so we force pubkey+PAM for it # If 2FA has been configured for root, we force pubkey+PAM for it. If this is the case
# on your system, uncomment the next two lines (see
# https://ovh.github.io/the-bastion/installation/advanced.html#fa-root-authentication)
#Match User root #Match User root
# AuthenticationMethods publickey,keyboard-interactive:pam # AuthenticationMethods publickey,keyboard-interactive:pam
# Unconditionally skip PAM auth for members of the bastion-nopam group # Unconditionally skip PAM auth for members of the bastion-nopam group

4
etc/ssh/sshd_config.centos8
View file

@ -123,7 +123,9 @@ UseDNS no
UsePAM yes UsePAM yes
# === AuthenticationMethods vs potential root OTP vs potential user MFA === # === AuthenticationMethods vs potential root OTP vs potential user MFA ===
# 2FA has been configured for root, so we force pubkey+PAM for it # If 2FA has been configured for root, we force pubkey+PAM for it. If this is the case
# on your system, uncomment the next two lines (see
# https://ovh.github.io/the-bastion/installation/advanced.html#fa-root-authentication)
#Match User root #Match User root
# AuthenticationMethods publickey,keyboard-interactive:pam # AuthenticationMethods publickey,keyboard-interactive:pam
# Unconditionally skip PAM auth for members of the bastion-nopam group # Unconditionally skip PAM auth for members of the bastion-nopam group

4
etc/ssh/sshd_config.debian10
View file

@ -127,7 +127,9 @@ UseDNS no
UsePAM yes UsePAM yes
# === AuthenticationMethods vs potential root OTP vs potential user MFA === # === AuthenticationMethods vs potential root OTP vs potential user MFA ===
# 2FA has been configured for root, so we force pubkey+PAM for it # If 2FA has been configured for root, we force pubkey+PAM for it. If this is the case
# on your system, uncomment the next two lines (see
# https://ovh.github.io/the-bastion/installation/advanced.html#fa-root-authentication)
#Match User root #Match User root
# AuthenticationMethods publickey,keyboard-interactive:pam # AuthenticationMethods publickey,keyboard-interactive:pam
# Unconditionally skip PAM auth for members of the bastion-nopam group # Unconditionally skip PAM auth for members of the bastion-nopam group

4
etc/ssh/sshd_config.debian11
View file

@ -127,7 +127,9 @@ UseDNS no
UsePAM yes UsePAM yes
# === AuthenticationMethods vs potential root OTP vs potential user MFA === # === AuthenticationMethods vs potential root OTP vs potential user MFA ===
# 2FA has been configured for root, so we force pubkey+PAM for it # If 2FA has been configured for root, we force pubkey+PAM for it. If this is the case
# on your system, uncomment the next two lines (see
# https://ovh.github.io/the-bastion/installation/advanced.html#fa-root-authentication)
#Match User root #Match User root
# AuthenticationMethods publickey,keyboard-interactive:pam # AuthenticationMethods publickey,keyboard-interactive:pam
# Unconditionally skip PAM auth for members of the bastion-nopam group # Unconditionally skip PAM auth for members of the bastion-nopam group

4
etc/ssh/sshd_config.debian8
View file

@ -127,7 +127,9 @@ UseDNS no
UsePAM yes UsePAM yes
# === AuthenticationMethods vs potential root OTP vs potential user MFA === # === AuthenticationMethods vs potential root OTP vs potential user MFA ===
# 2FA has been configured for root, so we force pubkey+PAM for it # If 2FA has been configured for root, we force pubkey+PAM for it. If this is the case
# on your system, uncomment the next two lines (see
# https://ovh.github.io/the-bastion/installation/advanced.html#fa-root-authentication)
#Match User root #Match User root
# AuthenticationMethods publickey,keyboard-interactive:pam # AuthenticationMethods publickey,keyboard-interactive:pam
# Unconditionally skip PAM auth for members of the bastion-nopam group # Unconditionally skip PAM auth for members of the bastion-nopam group

4
etc/ssh/sshd_config.debian9
View file

@ -127,7 +127,9 @@ UseDNS no
UsePAM yes UsePAM yes
# === AuthenticationMethods vs potential root OTP vs potential user MFA === # === AuthenticationMethods vs potential root OTP vs potential user MFA ===
# 2FA has been configured for root, so we force pubkey+PAM for it # If 2FA has been configured for root, we force pubkey+PAM for it. If this is the case
# on your system, uncomment the next two lines (see
# https://ovh.github.io/the-bastion/installation/advanced.html#fa-root-authentication)
#Match User root #Match User root
# AuthenticationMethods publickey,keyboard-interactive:pam # AuthenticationMethods publickey,keyboard-interactive:pam
# Unconditionally skip PAM auth for members of the bastion-nopam group # Unconditionally skip PAM auth for members of the bastion-nopam group

4
etc/ssh/sshd_config.freebsd
View file

@ -120,7 +120,9 @@ UseDNS no
UsePAM yes UsePAM yes
# === AuthenticationMethods vs potential root OTP vs potential user MFA === # === AuthenticationMethods vs potential root OTP vs potential user MFA ===
# 2FA has been configured for root, so we force pubkey+PAM for it # If 2FA has been configured for root, we force pubkey+PAM for it. If this is the case
# on your system, uncomment the next two lines (see
# https://ovh.github.io/the-bastion/installation/advanced.html#fa-root-authentication)
#Match User root #Match User root
# AuthenticationMethods publickey,keyboard-interactive:pam # AuthenticationMethods publickey,keyboard-interactive:pam
# Unconditionally skip PAM auth for members of the bastion-nopam group # Unconditionally skip PAM auth for members of the bastion-nopam group