From d84890f0b540ec49b5680d62b4b77616764878a4 Mon Sep 17 00:00:00 2001 From: ebner Date: Wed, 11 Dec 2024 10:52:15 +0100 Subject: [PATCH] add comment --- admin-guide/configuration/access/mfa.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/admin-guide/configuration/access/mfa.md b/admin-guide/configuration/access/mfa.md index 46ad67d5..dc324660 100644 --- a/admin-guide/configuration/access/mfa.md +++ b/admin-guide/configuration/access/mfa.md @@ -9,5 +9,7 @@ aaa::radius_servers: [ 'nps01.psi.ch', 'nps02.psi.ch' ] aaa::radius_timeout: 60 ``` +Beside this, ensure that `ChallengeResponseAuthentication yes` is set correctly in your sshd config (this is the default configuration - so if no changes where configured to sshd this should be ok!). + Prerequisite for this is, that your server can reach the RADIUS servers (in the example nps01.psi.ch and nps02.psi.ch) and that you received a shared secret from the RADIUS admin. (at the time of writing the RADIUS server are supported by group 9521)