diff --git a/admin-guide/configuration/access/mfa.md b/admin-guide/configuration/access/mfa.md index 46ad67d5..dc324660 100644 --- a/admin-guide/configuration/access/mfa.md +++ b/admin-guide/configuration/access/mfa.md @@ -9,5 +9,7 @@ aaa::radius_servers: [ 'nps01.psi.ch', 'nps02.psi.ch' ] aaa::radius_timeout: 60 ``` +Beside this, ensure that `ChallengeResponseAuthentication yes` is set correctly in your sshd config (this is the default configuration - so if no changes where configured to sshd this should be ok!). + Prerequisite for this is, that your server can reach the RADIUS servers (in the example nps01.psi.ch and nps02.psi.ch) and that you received a shared secret from the RADIUS admin. (at the time of writing the RADIUS server are supported by group 9521)