I am using PI version 3.12.2 and privacyidea-pam version 1.0. Everything is functioning, however I have a question about the text that is displayed or not displayed while waiting for a user to accept a push notification when connecting via ssh.
If I ssh into a server that is protected by PI and the pricacyidea-pam module and enter my password, there is no feedback. It looks like my ssh session is stuck but it is really just waiting for me to accept the push notification. If I accept the push notification I am instantly allowed in and all is well. This is with an account that only has a push token configured.
However, if I add a TOTP token to that account, when I ssh into the protected server, I am greeted with, “Please confirm the authentication on your mobile device!, please enter otp:”
I can then accept the push notification, hit enter on my ssh connection, and get it.
My question is, is there a way that I can get the notification “Please confirm the authentication on your mobile device!” to be displayed if I only have a push token configured for my user? If so, what setting should I look at to make that happen?
PAM Module configuration looks like this:
pam_privacyidea.so url=https://redacted.server.com sendEmptyPass pollTime=60 debug
ssh authentication policy is set to:
challenge_response: totp push | otppin: none
Thanks,
Dan Oachs