[solved] Adding systems to cloudmin that require Challenge Response authentication


I was wondering if it is possible to add a system to cloudmin, that does not allow login via SSH via a standard PW. I am using libpam-google-authenticator on my Debian bases systems and would like to add them to cloudmin.

Any recommendation about how to implement this setup?


Actually, I’m going to revise my reply and ask more about how this works :slight_smile:

Can you describe what your SSH login process is like?

What would Cloudmin have to do in order to support?


Hi Eric,

Thanks for your reply. In the meantime I found out the solution for my problem.

Libpam-google-authenticator activates a 2-step login. To login into the system, you first have to enter a one-time-password, after that the normal a password.

It turns out, that when using public-key authentication, the 2-step authorization is bypassed. This is the solution for the setup with libpam-google-authenticator.

What I first tried, was disabling SSH (activating “Do not attempt SSH login”) but having Webmin enabled on the system. I was hoping that Cloudmin can communicate with the client system completely via the Webmin RPC interface. The status of the system was changed from “webmin” to “alive”. Most of the features are not available in this mode.

It seems, that SSH is indispensable. Is that right, or would a non-SSH configuration work?