Allow AD service account SSH to Linux systems without 2FA


 
# 1  
Old 06-14-2018

I have a Windows AD server and all of the Linux computers are joined to AD.

Recently, 2FA has been activated. I wish to exclude some of the domain service accounts from 2FA.


Code:
[root@Linux]# less /etc/pam_radius_acl.conf
sshd:*

[root@Linux]# less /etc/pam.d/sshd

auth required pam_sepermit.so
auth requisite pam_defender.so
auth requisite pam_defender.so
auth substack password-auth
auth include postlogin
-auth optional pam_reauthorize.so prepare
account required pam_nologin.so
account include password-auth
password include password-auth
session required pam_selinux.so close
session required pam_loginuid.so
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
-session optional pam_reauthorize.so prepare

[root@Linux]# less /etc/ssh/sshd_config 
UsePAM yes
ChallengeResponseAuthentication yes



Moderator's Comments:
Mod Comment Please use CODE tags as required by forum rules!

Last edited by davidpar007; 06-19-2018 at 05:06 AM.. Reason: Added CODE tags.
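A common way to exempt accounts in a stack like the one posted is a `pam_succeed_if.so` rule with a `success=N` jump placed ahead of the 2FA lines; a wrong N either leaves 2FA active for the exempt accounts or also skips `password-auth`. The checker below is an added example, not part of the original post: the `pam_succeed_if` rule, the AD group name `svc-no2fa` and all function names are assumptions.

```python
import re

# Constructed sample: the auth lines from the post's /etc/pam.d/sshd with one
# pam_succeed_if rule added. "svc-no2fa" is a hypothetical AD group name.
SSHD_AUTH = """\
auth required pam_sepermit.so
auth [success=2 default=ignore] pam_succeed_if.so quiet user ingroup svc-no2fa
auth requisite pam_defender.so
auth requisite pam_defender.so
auth substack password-auth
auth include postlogin
"""

def auth_entries(text):
    """Return (control, module) for every auth line, '-auth' lines included."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def skipped_by_exemption(text):
    """Entries jumped over when the pam_succeed_if rule matches."""
    entries = auth_entries(text)
    for i, (control, module) in enumerate(entries):
        jump = re.search(r"success=(\d+)", control)
        if module == "pam_succeed_if.so" and jump:
            n = int(jump.group(1))
            return [mod for _, mod in entries[i + 1 : i + 1 + n]]
    return []

def audit(text, second_factor="pam_defender.so"):
    """List problems: the jump must cover every 2FA line and nothing else.

    Jumps that reach an include/substack line are not modelled, only flagged.
    """
    skipped = skipped_by_exemption(text)
    problems = []
    extra = [m for m in skipped if m != second_factor]
    if extra:
        problems.append("exemption also skips: " + ", ".join(extra))
    total = sum(1 for _, m in auth_entries(text) if m == second_factor)
    if skipped.count(second_factor) != total:
        problems.append("some %s lines still run for exempt users" % second_factor)
    return problems

if __name__ == "__main__":
    print(audit(SSHD_AUTH) or "exemption skips only the 2FA lines")
```

Run it against a copy of the edited stack before deploying; an exemption that also skips `password-auth` would let the listed accounts through without any password check from that stack.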