Received: from mailout.teamnet.de (mailout.teamnet.de [80.87.112.166]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id B0BC378198D for <~alpine/users@lists.alpinelinux.org>; Sun, 20 Oct 2019 16:34:10 +0000 (UTC) Received: from smtp.teamnet.de (smtp.teamnet.de [80.87.112.146]) by mailout.teamnet.de (Postfix) with ESMTP id 69F603F9013 for <~alpine/users@lists.alpinelinux.org>; Sun, 20 Oct 2019 18:34:09 +0200 (CEST) Message-ID: Subject: sshd and google authenticator From: Sascha Effert Reply-To: fermat@douglas2a.de To: ~alpine/users@lists.alpinelinux.org Date: Sun, 20 Oct 2019 18:34:08 +0200 Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.32.1-2 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Hi, I am trying to setup a docker image based on alpine that runs an SSH server using google authenticator. I followed the description at https://wiki.alpinelinux.org/wiki/Two_Factors_Authentication_With_OpenSSH . This works, as long as I do not use the feature to allow only 3 tries in 30 seconds. So, the following line has NOT to be in the .google_authenticator file in my home dir: " RATE_LIMIT 3 30 If it is in, any verification code is denyed. Does anybody has an idea why this happens? I would really like to use this feature as I do not want to setup fail2ban or anything similiar to protect my SSH server against brute force attacks... It shall be reachable from internet... bests Sascha