Add Two-Factor Authentication to SSH Logins

Private shared this idea 6 years ago
Open Discussion

Now that 2FA works via cPanel/WHM logins, it would also be nice to have 2FA working when logging into SSH. So, if a user has 2FA turned on for their account (including root), they should also be asked to enter the 2FA OTP after they log in to SSH, regardless of whether they already use SSH keys or just their regular passwords. This would greatly add to the security of the servers, especially if it could also work using more advanced 2FA methods using YubiKeys, U2F, etc.

Replies (2)

1

I don't like this idea at all since I just had to disable 2-factor for one of my clients who lost his phone and could no longer use 2-factor to log in via WHM -- imagine if he had turned on 2-factor for SSH as well. He'd have been completely locked out of his server and I would have been powerless to help him. Sorry, I don't like this idea. People are too careless. I would support this feature if the server allowed another method of access if SSH and WHM were both locked out with 2-factor and there was no access (like in today's case where my client lost his phone).

2

Thank you for that feedback! Making sure that there's a viable recovery option is definitely something we can keep in mind if this request gets picked up by the development team.

2

I appreciate that. I just like to think of all the possible angles. ;-)

3

Am I wrong in thinking that using remote SSH keys has the same effect as 2FA, if not stronger? To access my servers on SSH I need to have the SSH key AND the key password. Adding 2FA on top of this would not seem to add more entropy/security to the login process.

2

I only see two reasons for supporting 2FA for SSH:

1. SSH Keys are too hard

2. Support for mobile administration (i.e. logging in from a machine that doesn't have SSH Keys)
