alexander-naumov/pam2control

PIN for opening a new SSH session as two-factor authentication

alexander-naumov opened this issue · 2 comments

It would be nice to have the possibility to get an autogenerated one-time PIN via email. Opening a new SSH session for a specific user should be possible only after successfully entering this PIN (and after successfully entering the SSH password).

The test on FreeBSD 12.1 (x86_64, MTA: sendmail) and openSUSE TW (x86_64, MTA: postfix) was successful.

Now p2c is able to generate a one-time PIN and send it via email, ask for it (after the user has provided their SSH password), compare it and create a new session or not, depending on the user's input.
For generation, p2c uses /dev/urandom(4).

Unfortunately, one PAM_CONV bug was found on an xUbuntu system.
On FreeBSD and openSUSE it works well.
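
The generate-and-compare steps described in the thread, sketched as an added example that is not pam2control's own code: it draws digits from /dev/urandom with rejection sampling to avoid modulo bias, and compares the reply in constant time. The function names `gen_pin` and `pin_equal` and the 6-digit length are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Write `digits` decimal digits plus a NUL into out, drawn from /dev/urandom.
 * Bytes >= 250 are discarded so that byte % 10 is uniform over 0..9.
 * Returns 0 on success, -1 if the device cannot be opened or read. */
int gen_pin(char *out, size_t digits)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t i = 0;
    if (f == NULL)
        return -1;
    setvbuf(f, NULL, _IONBF, 0);   /* do not keep unused random bytes around */
    while (i < digits) {
        int c = fgetc(f);
        if (c == EOF) {
            fclose(f);
            return -1;
        }
        if (c >= 250)              /* 256 is not a multiple of 10 */
            continue;
        out[i++] = (char)('0' + c % 10);
    }
    out[digits] = '\0';
    fclose(f);
    return 0;
}

/* Compare the sent PIN with the user's reply without stopping at the first
 * mismatch, so response time does not show how many leading digits matched.
 * Returns 1 on match, 0 otherwise. */
int pin_equal(const char *expected, const char *entered)
{
    size_t n = strlen(expected), i;
    unsigned char diff = 0;
    if (strlen(entered) != n)
        return 0;
    for (i = 0; i < n; i++)
        diff |= (unsigned char)(expected[i] ^ entered[i]);
    return diff == 0;
}

int main(void)
{
    char pin[7];                   /* 6 digits is an assumed length */
    if (gen_pin(pin, 6) != 0)
        return 1;
    printf("constructed PIN: %s\n", pin);
    return pin_equal(pin, pin) ? 0 : 1;
}
```

A failed read returns -1 rather than a partial PIN, so a caller can deny the session instead of falling back to a weaker value.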