I followed https://ubuntu.com/tutorials/configure-ssh-2fa to set up 2FA protection on SSH on my Ubuntu 22.04.5 system. I have only key-based authentication enabled, so this may be excessive, but it feels more secure that even if somehow my private key got loose it wouldn't be enough on its own.
I don't want to have to put in a TOTP code when connecting from a system on my LAN, so my /etc/pam.d/sshd has this:
auth [success=done default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
/etc/security/access-local.conf has:
+ : ALL : 192.168.1.0/24
+ : ALL : LOCAL
- : ALL : ALL
This all works fine. I get prompted for a TOTP code when I'm outside of my LAN and not when on it.
My problem now is that tab-completion with scp no longer works. For example, on another system I try:
$ scp server:someth<TAB>
and something should autocomplete, assuming that file exists. This works fine when I don't have the PAM module enabled, but doesn't work when it is. Even in the case when I'm on my LAN and don't get prompted for the TOTP code it fails. When I press TAB I get messages like this in the server's /var/log/auth.log:
Oct 26 17:08:13 server sshd[1136620]: Connection closed by authenticating user user 192.168.1.182 port 53145 [preauth]
Oct 26 17:08:13 server sshd[1136732]: Connection closed by authenticating user user 192.168.1.182 port 53146 [preauth]
The messages always appear in pairs like this for each press of TAB.
Does anyone have any idea what, if anything, I can do to make this work?
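As an added illustration (not part of the original post and not code from PAM itself), the Python sketch below models how the two auth lines and access-local.conf from the question decide whether the TOTP module runs for a given source address. It assumes simplified matching: origins are only ALL, LOCAL or IP networks, LOCAL is treated as "no remote host", and all function names are hypothetical.

```python
import ipaddress

# Constructed copy of the access file shown in the question.
ACCESS_LOCAL_CONF = """\
+ : ALL : 192.168.1.0/24
+ : ALL : LOCAL
- : ALL : ALL
"""

def parse_rules(text):
    """Parse 'permission : users : origins' lines into tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first two colons only, so IPv6 origins stay intact.
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        rules.append((perm, users.split(), origins.split()))
    return rules

def origin_matches(token, rhost):
    """Simplified origin match (assumption): ALL, LOCAL, or an IP network."""
    if token == "ALL":
        return True
    if token == "LOCAL":
        return rhost is None  # assumption: LOCAL means no remote host
    if rhost is None:
        return False
    try:
        return ipaddress.ip_address(rhost) in ipaddress.ip_network(token, strict=False)
    except ValueError:
        return False  # hostnames and netgroups are not modelled here

def access_allows(rules, user, rhost):
    """The first matching rule decides; no matching rule means access is granted."""
    for perm, users, origins in rules:
        if ("ALL" in users or user in users) and any(origin_matches(t, rhost) for t in origins):
            return perm == "+"
    return True

def totp_required(user, rhost, rules=None):
    """Model '[success=done default=ignore] pam_access' followed by a required TOTP module."""
    rules = parse_rules(ACCESS_LOCAL_CONF) if rules is None else rules
    if access_allows(rules, user, rhost):
        return False  # success=done: the auth stack ends before the TOTP module
    return True       # default=ignore: the denial is discarded and the next line runs

if __name__ == "__main__":
    for host in ("192.168.1.182", "192.168.2.10", "203.0.113.7", "fe80::1"):
        print(host, "-> TOTP prompt" if totp_required("user", host) else "-> no TOTP prompt")
```

The model covers only the PAM auth stack. sshd consults that stack during keyboard-interactive (or password) authentication, not during the public key check itself.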