On Wed, 27 Mar 2019 05:34:49 -0400, Boris Epstein <borepst...@gmail.com> wrote:
> It is interesting because some people mention combined methods - like > SSL hostkey + some second factor being used just in that fashion: > > https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html > > But based on my experience thus far it looks like Ted is right. So I > may have to write a utility for combined login. What should that > utility do - call the two methods in question and return true or > false depending on whether they succeed? You can actually look at the auth plugin this (brilliantly written btw, *cough* ;)) blog article mentions. login_oauth allows you to use totp and a password: > DESCRIPTION > The login_totp-and-pwd program attempts to authenticate the user > via a combination of password authentication and an OATH time-based > one-time password (quote from login_totp-and-pwd.8). Cheers, Daniel
