Additional options for supporting duo 2FA solution https://duo.com/docs/duounix Change-Id: I0a4284fc148fc31c5e03f45e090726567688c3f4

commit: f6be3cf07cb3b42b00c6fefcb9355dc444e2bfda [log] [tgz]
author: Gleb Galkin <ggalkin@mirantis.com> Wed Oct 17 17:39:24 2018 +0300
committer: Gleb Galkin <ggalkin@mirantis.com> Mon Oct 22 16:23:31 2018 +0300
tree: 432f1b6fd765c8b629dd857648d59fbb4c010985
parent: 98b5bf1fdb5acba50c026ba7e6eed1a4426cfe63 [diff] [blame]
diff --git a/README.rst b/README.rst
index 8254184..c2d3a3b 100644
--- a/README.rst
+++ b/README.rst

@@ -154,6 +154,37 @@
       server:
         dss_enabled: true
 
+* The OpenSSH server configuration with the duo 2FA
+https://duo.com/docs/duounix
+with Match User 2FA can be bypassed for some accounts
+
+  .. code-block:: yaml
+
+    openssh:
+      server:
+        use_dns: false
+        password_auth: false
+        challenge_response_auth: true
+        ciphers:
+          aes256-ctr:
+            enabled: true
+          aes192-ctr:
+            enabled: true
+          aes128-ctr:
+            enabled: true
+        authentication_methods:
+          publickey:
+            enabled: true
+          keyboard-interactive:
+            enabled: true
+        match_user:
+          jenkins:
+            authentication_methods:
+              publickey:
+                enabled: true
+
+
+
 * OpenSSH server configuration supports AllowUsers, DenyUsers, AllowGroup,
 DenyGroups via allow_users, deny_users, allow_groups, deny_groups keys respectively.
commit	f6be3cf07cb3b42b00c6fefcb9355dc444e2bfda	[log] [tgz]
author	Gleb Galkin <ggalkin@mirantis.com>	Wed Oct 17 17:39:24 2018 +0300
committer	Gleb Galkin <ggalkin@mirantis.com>	Mon Oct 22 16:23:31 2018 +0300
tree	432f1b6fd765c8b629dd857648d59fbb4c010985
parent	98b5bf1fdb5acba50c026ba7e6eed1a4426cfe63 [diff] [blame]