diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-10-12 09:02:37 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-12 09:02:37 +0200 |
commit | 6951fa7ef6ea4a2715b9083d654f6cf3f3b60213 (patch) | |
tree | 694540848ff0a3ef4fa1ede3659f68bb459c1787 /debian/vyos-1x.postinst | |
parent | b74f297d8a7426cbdb0b44240bfa4b7666986337 (diff) | |
parent | 765f84386b6e94984ff79db2eab36d51f759159b (diff) | |
download | vyos-1x-6951fa7ef6ea4a2715b9083d654f6cf3f3b60213.tar.gz vyos-1x-6951fa7ef6ea4a2715b9083d654f6cf3f3b60213.zip |
Merge pull request #1555 from goodNETnick/ssh_otp
system login: T874: add 2FA support for local and ssh authentication
Diffstat (limited to 'debian/vyos-1x.postinst')
-rw-r--r-- | debian/vyos-1x.postinst | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index 6879b6e4f..dc64e7a42 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -21,6 +21,16 @@ if ! grep -q '^openvpn' /etc/passwd; then adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn fi +# Add 2FA support for SSH +sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/sshd" || \ +sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/sshd \ +/ + +# Add 2FA support for local authentication +sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/login" || \ +sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/login \ +/ + # Add RADIUS operator user for RADIUS authenticated users to map to if ! grep -q '^radius_user' /etc/passwd; then adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \ |