Add Two-Factor Authentication to SSH Logins
Open Discussion
Now that 2FA works via cPanel/WHM logins, it would also be nice to have 2FA working when logging into SSH. So, if a user has 2FA turned on for their account (including root), they should also be asked to enter the 2FA OTP after they log in to SSH regardless of whether they already use SSH keys or just their regular passwords. This would greatly add to the security of the servers, especially if it could also work using more advanced 2FA methods using Yubikeys, U2F, etc...
I don't like this idea at all since I just had to disable 2-factor for one of my clients who lost his phone and could no longer use 2-factor to login via WHM -- imagine if he had turned on 2-factor for SSH as well. He'd have been completely locked out of his server and I would have been powerless to help him. Sorry, I don't like this idea. People are too careless. I would support this feature if the server allowed another method of access if SSH and WHM were both locked out with 2-factor and there was no access (like in today's case where my client lost his phone).
I don't like this idea at all since I just had to disable 2-factor for one of my clients who lost his phone and could no longer use 2-factor to login via WHM -- imagine if he had turned on 2-factor for SSH as well. He'd have been completely locked out of his server and I would have been powerless to help him. Sorry, I don't like this idea. People are too careless. I would support this feature if the server allowed another method of access if SSH and WHM were both locked out with 2-factor and there was no access (like in today's case where my client lost his phone).
I only see two reasons for supporting 2FA for SSH
1. SSH Keys are too hard
2. Support for mobile administration (i.e. logging in from a machine that doesn't have SSH Keys)
I only see two reasons for supporting 2FA for SSH
1. SSH Keys are too hard
2. Support for mobile administration (i.e. logging in from a machine that doesn't have SSH Keys)
Replies have been locked on this page!