summaryrefslogtreecommitdiff
path: root/debian/vyos-1x.postinst
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-10-12 09:02:37 +0200
committerGitHub <noreply@github.com>2022-10-12 09:02:37 +0200
commit6951fa7ef6ea4a2715b9083d654f6cf3f3b60213 (patch)
tree694540848ff0a3ef4fa1ede3659f68bb459c1787 /debian/vyos-1x.postinst
parentb74f297d8a7426cbdb0b44240bfa4b7666986337 (diff)
parent765f84386b6e94984ff79db2eab36d51f759159b (diff)
downloadvyos-1x-6951fa7ef6ea4a2715b9083d654f6cf3f3b60213.tar.gz
vyos-1x-6951fa7ef6ea4a2715b9083d654f6cf3f3b60213.zip
Merge pull request #1555 from goodNETnick/ssh_otp
system login: T874: add 2FA support for local and ssh authentication
Diffstat (limited to 'debian/vyos-1x.postinst')
-rw-r--r--debian/vyos-1x.postinst10
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 6879b6e4f..dc64e7a42 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -21,6 +21,16 @@ if ! grep -q '^openvpn' /etc/passwd; then
adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn
fi
+# Add 2FA support for SSH
+sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/sshd" || \
+sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/sshd \
+/
+
+# Add 2FA support for local authentication
+sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/login" || \
+sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/login \
+/
+
# Add RADIUS operator user for RADIUS authenticated users to map to
if ! grep -q '^radius_user' /etc/passwd; then
adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \