system login: T874: add 2FA support for local and ssh authentication

author: goodNETnick <pknet@ya.ru> 2022-09-22 02:03:04 -0400
committer: goodNETnick <pknet@ya.ru> 2022-10-11 19:56:45 -0400
commit: 765f84386b6e94984ff79db2eab36d51f759159b (patch)
tree: ce2ce9dca40ddda4ca4639b89308f317e67e59d1 /data/templates/ssh/sshd_config.j2
parent: 31138f43f4a5714077adbbd22ff774b2d4ce37f8 (diff)
download: vyos-1x-765f84386b6e94984ff79db2eab36d51f759159b.tar.gz
vyos-1x-765f84386b6e94984ff79db2eab36d51f759159b.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2
index e7dbca581..93c6735dd 100644
--- a/data/templates/ssh/sshd_config.j2
+++ b/data/templates/ssh/sshd_config.j2
@@ -17,7 +17,6 @@ PubkeyAuthentication yes
 IgnoreRhosts yes
 HostbasedAuthentication no
 PermitEmptyPasswords no
-ChallengeResponseAuthentication no
 X11Forwarding yes
 X11DisplayOffset 10
 PrintMotd no
@@ -30,6 +29,7 @@ PermitRootLogin no
 PidFile /run/sshd/sshd.pid
 AddressFamily any
 DebianBanner no
+PasswordAuthentication no
 
 #
 # User configurable section
@@ -48,7 +48,7 @@ Port {{ value }}
 LogLevel {{ loglevel | upper }}
 
 # Specifies whether password authentication is allowed
-PasswordAuthentication {{ "no" if disable_password_authentication is vyos_defined else "yes" }}
+ChallengeResponseAuthentication {{ "no" if disable_password_authentication is vyos_defined else "yes" }}
 
 {% if listen_address is vyos_defined %}
 # Specifies the local addresses sshd should listen on
author	goodNETnick <pknet@ya.ru>	2022-09-22 02:03:04 -0400
committer	goodNETnick <pknet@ya.ru>	2022-10-11 19:56:45 -0400
commit	765f84386b6e94984ff79db2eab36d51f759159b (patch)
tree	ce2ce9dca40ddda4ca4639b89308f317e67e59d1 /data/templates/ssh/sshd_config.j2
parent	31138f43f4a5714077adbbd22ff774b2d4ce37f8 (diff)
download	vyos-1x-765f84386b6e94984ff79db2eab36d51f759159b.tar.gz vyos-1x-765f84386b6e94984ff79db2eab36d51f759159b.zip