Enable strong 2FA authentication by updating the
/etc/ssh/sshd_config with the following changes:
# Require public key *and* password authentication. Without this, a valid public # key would bypass the Yubikey requirement. AuthenticationMethods publickey,password # Enable the password authentication backend. PasswordAuthentication yes # Disable the keyboard-interactive mode which could be used to ask for the # password. ChallengeResponseAuthentication no # Enable PAM integration for authentication as this is the system that Yubikey # integrates with. UsePAM yes
If you want to login with the root user via ssh, add or update the
PermitRootLogin under the same file, replace
# Enable root login via ssh. PermitRootLogin yes
ssh. Note that if you're already inside an ssh session, you won't be disconnected.
❯ service ssh restart