Talk:Google Authenticator

From ArchWiki

usage of deprecated ChallengeResponseAuthentication

According to

  • ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
  in favour of KbdInteractiveAuthentication. The former is what was in
  SSHv1, the latter is what is in SSHv2 (RFC4256) and they were
  treated as somewhat but not entirely equivalent. We retain the old
  name as a deprecated alias so configuration files continue to work
  as well as a reference in the man page for people looking for it.

We have to use KbdInteractiveAuthentication everywhere instead of ChallengeResponseAuthentication. Users actually will not find deprecated option in config file.

Corresponding change was made on the main OpenSSH wiki page:

comment: "OpenSSH 8.7 replaced ChallengeResponseAuthentication with KbdInteractiveAuthentication"

I've updated this page with comment: "according to openssh 8.7 changelog and wiki changes here"

But, @Danboid have reverted this update with comment: "Google Authenticator actually requires ChallengeResponseAuthentication to be enabled for ssh or else you don't get prompted for the verification code.". Why? Comment, please.

I also have to confirm, that Google Authenticator DOES work without this option, only with new KbdInteractiveAuthentication. May be you should just delete deprecated "ChallengeResponseAuthentication no" in case you have it?


Hi Kullfar

Actually it seems I was wrong to make that change. I have been setting up GA on a Ubuntu 20.04 server which uses openssh 8.2 and I was unaware of this change.

I won't be the only person who uses the Arch Wiki as a reference for other Linux distros, I'm sure :)


Hi Danboid!

Thanks for answering, good point. Let's add two variant to the wiki page ("current ssh" and "before 8.7")? For an updated ArchLinux user the current page suggests to change the option, he doesn't have in /etc/ssh/sshd_config. I think Arch Wiki should be at first useful for Arch users and then for other Linux distro users. Do you agree? ;-) kullfar (talk) 15:41, 14 February 2022 (UTC)kullfarReply[reply]