Non-key based logins are ignored by onetouch-ssh

[valentinalexeev]

In case sshd allows both key and key-less access onetouch-ssh will not be enforced on clients who connect without a key.

One potential solution is to use ForceCommand in /etc/ssh/sshd_config to require call to onetouch-ssh upon login.

I had configured my /etc/ssh/sshd_config in the following way:

Match User valexeev
  ForceCommand /home/valexeev/.authy-onetouch/login.sh

With login.sh containing:

#!/bin/sh
/usr/local/bin/onetouch-ssh shell AUTHYID

It should be possible to create a non-user dependent script that will check SSH environment variables to determine correct AUTHYID.