Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable MFA verification when using an SK #474

Open
perrze opened this issue Apr 23, 2024 · 0 comments
Open

Disable MFA verification when using an SK #474

perrze opened this issue Apr 23, 2024 · 0 comments

Comments

@perrze
Copy link
Contributor

perrze commented Apr 23, 2024

Hi,
This message is more of a bastion setup question than a issue on the code itself.
Since v3.16.00 (youhou) we can use SK keys to connect to bastion.
But we still need to use MFA after the key is used.
Since, in my organization we consider (is it true ?) that using SK keys constitute a MFA, we thought to disable MFA enforcement.
But since we don't have a lot of money (being a french non-profit) we can't afford buying FIDO keys to everyone.

I wonder if you had ideas to how disable MFA when a user is using SK keys to connect but enforce it when he is using "normal ssh key" ?

I search the web and it doesn't openssh offers the possibility to Match on type of key used. And a group like "nopam" doesn't work because a user could have both sk and not sk keys on his account.

Thanks for your answers, if a change of code is needed I will be pleased to help writing it !
Perrze.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant