[IMPORTANT] Please note that this site will be disabled on October 31. In it's place, the new JumpCloud Help Center is live! Check it out here!

Support Center

JumpCloud sshd configuration

For Linux systems, JumpCloud writes to /etc/ssh/sshd_config in order to manage the sshd configuration. If exceptions are needed it's recommended to use the conditional Match block. Anything within a Match block will be ignored by the JumpCloud agent. See Using the Match block in sshd_config for examples.

The following is a list of the possible settings, the corresponding changes to sshd_config, and the expected behavior. 

SSH Password Login



Expected Behavior: Users will authenticate with password only

/etc/ssh/sshd_config:
ChallengeResponseAuthentication no
UsePAM yes
PubkeyAuthentication no
PermitRootLogin no
PasswordAuthentication yes
AuthorizedKeysFile     .ssh/authorized_keys

Public Key Authentication



Expected Behavior: Users will authenticate with publickey only

/etc/ssh/sshd_config:
​​ChallengeResponseAuthentication no
UsePAM yes
AuthorizedKeysFile     .ssh/authorized_keys
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no​

SSH Password Login + Public Key Authentication



Expected Behavior: Users can authenticate with password OR publickey 

/etc/ssh/sshd_config:
​​ChallengeResponseAuthentication no
UsePAM yes
AuthorizedKeysFile     .ssh/authorized_keys
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication yes​

SSH Password Login +  Multifactor Authentication



Expected Behavior: Users will authenticate with password and TOTP token (when the TOTP Key is activated)

/etc/ssh/sshd_config:
ChallengeResponseAuthentication yes
UsePAM yes
PubkeyAuthentication no
PermitRootLogin no
PasswordAuthentication yes
AuthorizedKeysFile     .ssh/authorized_keys

Public Key Authentication + Multifactor Authentication



Expected Behavior:  Users will authenticate with publickey and TOTP token (when the TOTP Key is activated)

/etc/ssh/sshd_config:
​​ChallengeResponseAuthentication yes
UsePAM yes
AuthorizedKeysFile     .ssh/authorized_keys
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
 

Last Updated: Sep 19, 2018 03:48PM MDT

Related Articles
desk-forwarding@jumpcloud.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete