I have fully configured an LDAP server which works perfectly for authenticating users across my multiple nodes.
I wanted to add an extra layer of security with the usual two-factor public/private key.
I followed this guide: https://github.com/jirutka/ssh-ldap-pubkey
I added the schema, and I can see that my users contain a public key among their parameters.
I am able to run the script and it returns the users' public keys.
The problem is that whenever I attempt an SSH connection to my machine, it just never asks for a private key. I was wondering if there is something I am missing?
As the guide says, I have added to my sshd.conf:
AuthorizedKeysCommand /usr/bin/ssh-ldap-pubkey-wrapper
AuthorizedKeysCommandUser nobody
Rebooted, restarted, but still my server never prompts for a private key. I am still able to log in with just a user/password while it should deny me because I didn't provide a private key.
I am running on a test CentOS 6 machine; does anybody know if I am missing something in my PAM file?
Adding this line in sshd.conf
Fixed the issue on CentOS 6. Thanks to @gf_ for helping me out on this!