PrivacyIDEA (on Ubuntu 22) that provides OTP login along with SSH login for a 10+ Linux (Ubuntu 22, CentOS) client environment

Hi Team,

I have created a centralized MFA server with PrivacyIDEA (on Ubuntu 22) that needs to provide OTP login for SSH login for a 10+ Linux (Ubuntu 22, CentOS) client environment.

Current setup: Ubuntu 22 + PrivacyIDEA 3.12.2 + FreeRADIUS

Conditions are:

  1. No LDAP/AD server for user logins; each client server already has a few local user accounts, and I want to configure MFA, i.e. OTP, for login with the existing local user accounts.
  2. SSH user login and sudo access require OTP. When trying to SSH into any client, the login should be username and password; once that succeeds, it should prompt to enter the OTP.

I am looking for: 1. creation of a policy with suitable conditions and actions to configure on the server side; 2. how to configure this in the client SSH configuration.

Please help me.

I don't have all the answers, but to get you started, look into using the privacyidea-pam module.
I am using this on Rocky Linux to get PrivacyIdea to work with SSH and local logins.

You can then modify your PAM configuration files to insert MFA wherever you see appropriate.

I should also mention, I found this documentation to be extremely helpful with getting it all setup.

You won’t need to follow all the instructions, just the parts for the features you are looking for.
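To make the "insert MFA in PAM" part of the reply concrete, here is an added example (my own, not code from the thread or from the privacyIDEA project) that stages the client-side pieces for the flow the question asks for: local password first, then an OTP prompt, for both sshd and sudo. It assumes the pam_privacyidea module is already installed on the client and that the `url=` and `realm=` module options behave as in the module's README; the server URL `https://pi.example.internal`, the realm name `localusers`, the drop-in file name `50-privacyidea.conf` and the Ubuntu `@include common-auth` layout are my assumptions, and the RHEL-family `auth substack password-auth` anchor is matched as well but not verified here.

```shell
#!/bin/sh
# Added example (not from the thread or the privacyIDEA project): stage the
# client-side config for "local password first, then OTP" over SSH and sudo
# using pam_privacyidea. Nothing under /etc is modified; edited copies are
# written under a staging directory for review.
set -eu

# Assumed placeholders: the privacyIDEA URL and the realm the local
# usernames are resolved in (the OTP check goes to /validate/check).
PI_URL="${PI_URL:-https://pi.example.internal}"
PI_REALM="${PI_REALM:-localusers}"

# The PAM line that asks privacyIDEA for the OTP. The url= and realm=
# options are taken from the module README as I recall it; confirm them
# against the module version you install. Do not disable TLS verification
# on this line: put the server certificate's CA in the client trust store.
pam_otp_line() {
    printf 'auth    required    pam_privacyidea.so url=%s realm=%s\n' \
        "$PI_URL" "$PI_REALM"
}

# Insert the OTP line once, directly after the distribution's password
# stack: "@include common-auth" (Ubuntu/Debian) or
# "auth substack password-auth" (CentOS/Rocky). On Ubuntu, common-auth ends a
# wrong password with "requisite pam_deny.so", so the OTP prompt only appears
# after a correct password, which is what the question asks for. The cost is
# that the presence of the prompt tells a remote attacker the password was
# right; verify the same behaviour on CentOS/Rocky before relying on it.
add_otp_after_password_stack() {
    pamfile="$1"
    if grep -q 'pam_privacyidea.so' "$pamfile"; then
        return 0   # already configured: keep the edit idempotent
    fi
    otpline="$(pam_otp_line)"
    awk -v otp="$otpline" '
        { print }
        /^@include[ \t]+common-auth|^auth[ \t]+substack[ \t]+password-auth/ { print otp }
    ' "$pamfile" > "$pamfile.tmp" && mv "$pamfile.tmp" "$pamfile"
}

# sshd must hand the login to PAM over keyboard-interactive; the plain
# "password" method carries one secret and cannot show the second prompt.
# On OpenSSH older than 8.2 (e.g. CentOS 7) there is no sshd_config.d, so put
# these lines in /etc/ssh/sshd_config and use ChallengeResponseAuthentication.
render_sshd_dropin() {
    cat <<'EOF'
# /etc/ssh/sshd_config.d/50-privacyidea.conf
UsePAM yes
KbdInteractiveAuthentication yes
PasswordAuthentication no
AuthenticationMethods keyboard-interactive
EOF
}

# Stage edited copies under DIR so they can be diffed against /etc first.
stage_client_config() {
    stagedir="$1"
    mkdir -p "$stagedir/etc/pam.d" "$stagedir/etc/ssh/sshd_config.d"
    for svc in sshd sudo; do
        if [ -f "/etc/pam.d/$svc" ]; then
            cp "/etc/pam.d/$svc" "$stagedir/etc/pam.d/$svc"
            add_otp_after_password_stack "$stagedir/etc/pam.d/$svc"
        else
            echo "warning: /etc/pam.d/$svc not found, skipping" >&2
        fi
    done
    render_sshd_dropin > "$stagedir/etc/ssh/sshd_config.d/50-privacyidea.conf"
    echo "staged under $stagedir; review with: diff -ru /etc $stagedir/etc"
}

# Usage: sh stage-pi-mfa.sh /tmp/pi-stage
if [ $# -gt 0 ]; then
    stage_client_config "$1"
fi
```

Review the staged diff, copy the files into place on one client, run `sshd -t` before restarting sshd, and keep an existing root session open while you test a fresh SSH login and a sudo prompt from a second session. Because the module line is `required`, a client that cannot reach the privacyIDEA server will refuse logins, so keep a console or out-of-band path to each machine.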