paj001
By:
paj001

Should concurrent SSH logins with two factor authentication work fine on Ubuntu 14.04?

December 22, 2014 978 views

I wish to set up SSH two factor authentication and have followed the guidelines at 'https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-two-factor-authentication' to the letter. In fact, I have re-loaded the Ubuntu 14.04 OS & repeated these guidelines again. At login, in both cases, I get 'permission denied'.

If I remove the two changes to /etc/pam.d/sshd and /etc/ssh/sshd_config & restart the ssh service, I can log in successfully but it is the normal password only authentication.

My system only has a single user (ie. in addition to root) and I am logged in as that user to make the changes. Is the fact that I am already logged in causing the subsequent attempt to login in after the two factor authentication changes have been made causing a concurrent login conflict, resulting in the 'permission denied' ?

If concurrent google-authenticator logins should work, do you have any other ideas? There seems to be plenty of posts indicating the guidelines should work.

2 comments
  • Hi! I've just confirmed concurrent that google-authenticator logins works for me. To debug the issue, we might find some useful information in /var/log/auth.log You can also try enabling more verbose information when using SSH by passing -vv to the command:

    ssh -vv user@your.ip.address
    
  • Thanks asb for confirming that behaviour. I'll repeat the test with more verbose logging & advise findings.

Be the first one to answer this question.