On Thu, Aug 13, 2020 at 09:39:43AM -0500, Nicholas Geovanis wrote: > On Thu, Aug 13, 2020, 6:47 AM Henning Follmann <hfollm...@itcfollmann.com> > wrote: > > > On Thu, Aug 13, 2020 at 01:37:39PM +0200, Pòl Hallen wrote: > > > Hi folks :) > > > > > > > > what it better with 2FA: at ssh login request first 2FA authentication > > next > > > ssh password or viceversa? > > > > > > thanks! > > > > > > Pol > > > > sorry to say, but 2FA is again one of the hype things. Why do you need 2FA > > for ssh. I mean a really good reason. > > Maintain a good keychain and you wont need 2FA. > > > > The usual reason is an out-of-band or hardware-based one-time pad. The > additional password is for that session only. >
That is not a reason. This is "how". The "session only" I kind of get though. But still. Currently everyone is pushing 2FA and most of the time the implementation sucks or there is no good reason for it. And for ssh a password protected keychain is the reasonable way to go. -H -- Henning Follmann | hfollm...@itcfollmann.com
