Users should be able to set pam_oath as the deciding factor for SSH connections

Description

This allows users to combine OATH and public key authentication as documented at https://www.linode.com/docs/security/authentication/use-one-time-passwords-for-two-factor-authentication-with-ssh-on-ubuntu-16-04-and-debian-8/.

Unlike the simple solution presented in that link, we will need to handle both users with a password and ones with keys. As such, we need to have another set of listfiles.

Something like the following appears to work but we need to determine if this should be a whitelist or a blacklist:

Acceptance Criteria

None

Labels

None

Epic Link

None

Story Points

None

Components

Affects versions

Priority

Medium

Assignee

Trevor Vaughan
Configure