Configure Keyboard Interactive Authentication

Keyboard-interactive authentication is supported by default; no configuration is required on either the server or the client to use this authentication method.

Follow these procedures if you want to modify the default server or client configuration.

To configure keyboard interactive authentication on the client

Open the client configuration file (/etc/ssh2/ssh2_config) in a text editor.
Edit the AllowedAuthentications keyword. For example, to require keyboard interactive authentication:
```
AllowedAuthentications=keyboard-interactive
```

To configure keyboard interactive authentication on the server

Open the server configuration file (/etc/ssh2/sshd2_config) in a text editor.

Edit AllowedAuthentications or RequiredAuthentications. For example:

To	Do This
Support keyboard-interactive authentication, but not traditional password authentication	Remove password from the allowed list. For example: AllowedAuthentications=gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
Require keyboard interactive authentication	Enter the following command: RequiredAuthentications=keyboard-interactive

Do This

Support keyboard-interactive authentication, but not traditional password authentication

Remove password from the allowed list. For example:

AllowedAuthentications=gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive

Require keyboard interactive authentication

Enter the following command:

RequiredAuthentications=keyboard-interactive

(Optional) Use AuthKbdInt.Retries to change the maximum number of attempts a user is allowed for keyboard-interactive authentication (the default is 3). For example:
```
AuthKbdInt.Retries=5
```
(Optional) Configure account management using AccountManagement. For details, see Pluggable Authentication Modules (PAM).