To use Advanced Authentication in the SSH (Secure Shell) mode, install the Advanced Authentication Linux PAM Client on the server to where you desire to make the SSH connection. For more information on how to install the Linux PAM Client, see Installing and Uninstalling Linux PAM Client.
After installation, configure the following parameters in the file /etc/ssh/sshd_config:
Set PasswordAuthentication to no
Set ChallengeResponseAuthentication to yes
To apply the changes in the file sshd_config, you must restart the SSH Service. To restart the SSH Service, run the command sudo service sshd restart in the terminal.
Advanced Authentication secures SSH by providing multi-factor authentication only for the methods that do not require Advanced Authentication Device Service.
NOTE:You can use the Authentication Agent to use methods such as fingerprint and card to secure SSH. For more information, see Enabling the Authentication Agent Chain
.
IMPORTANT:Advanced Authentication does not support the multi-factor authentication to a Terminal or SSH for the domain users when Linux machine is used in a non-domain mode.