Hi everyone,
I use Jumpcloud's Linux agent to create a local user (admin) account on my Proxmox nodes that will wait for MFA to be completed before letting you login to the account. This works great, if I SSH to the Proxmox node with that account, it says "Waiting for phone authentication" after I put in the password, and I approve the request through Jumpcloud as expectd. However, when i log-in to the Proxmox Web GUI, it just lets me right through without waiting for the MFA to be approved. Once you're in the web GUI and then go to the shell for one of the nodes, logging in with "admin" there also waits for phone authentication.
Is there a difference between how the Proxmox web gui authenticates against PAM vs how SSH does? Jumpcloud doesn't even see the request, so I'm wondering if SSH is authenticating against something else. Both the default "root" and the new "admin" account show up in /etc/passwd.
Appreciate any help.
*edit, the reason I want to use jumpcloud instead of the built-in MFA is because I want the pop-up notification to approve MFA instead of needing to type in a code. And it has to be a PAM realm user otherwise the Shell won't load in the Web GUI. All convenience stuff, lol.
Thanks!
I use Jumpcloud's Linux agent to create a local user (admin) account on my Proxmox nodes that will wait for MFA to be completed before letting you login to the account. This works great, if I SSH to the Proxmox node with that account, it says "Waiting for phone authentication" after I put in the password, and I approve the request through Jumpcloud as expectd. However, when i log-in to the Proxmox Web GUI, it just lets me right through without waiting for the MFA to be approved. Once you're in the web GUI and then go to the shell for one of the nodes, logging in with "admin" there also waits for phone authentication.
Is there a difference between how the Proxmox web gui authenticates against PAM vs how SSH does? Jumpcloud doesn't even see the request, so I'm wondering if SSH is authenticating against something else. Both the default "root" and the new "admin" account show up in /etc/passwd.
Appreciate any help.
*edit, the reason I want to use jumpcloud instead of the built-in MFA is because I want the pop-up notification to approve MFA instead of needing to type in a code. And it has to be a PAM realm user otherwise the Shell won't load in the Web GUI. All convenience stuff, lol.
Thanks!
Last edited: