From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-215599-listarch-cygwin=sourceware.org@cygwin.com>
Received: (qmail 75354 invoked by alias); 26 Feb 2019 21:09:58 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Received: (qmail 71213 invoked by uid 89); 26 Feb 2019 21:09:56 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=passwords, Private, Hx-languages-length:969, Google
X-HELO: mail-wr1-f50.google.com
Received: from mail-wr1-f50.google.com (HELO mail-wr1-f50.google.com) (209.85.221.50) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 26 Feb 2019 21:09:55 +0000
Received: by mail-wr1-f50.google.com with SMTP id f14so15574475wrg.1        for <cygwin@cygwin.com>; Tue, 26 Feb 2019 13:09:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20161025;        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;        bh=jn4dIy4s/k+ZrTb91x18iL/sffpqxHs/ckKobX6UVUU=;        b=spaF0bVs77UAUHPN+KAEdlmj7UrfuJOR233nxShaJsipiqBbU6lcjZLQ79xXo8Fu3T         votLr8f3Ri33vfkonoBrAEolF8JQJLMZHrsvdUju64nd849CBn+rAZ5vnOTiPVleHKf4         FvbSz/6hjVMHDOg3+yAJKmp41u2RVSw6Eo/tkJ3bGzgPEfwlphmtX7RQIG4enOTnMA07         IcJgRaeM0oh/cZVq2nmu2zMhF/IB6PFWenLcY7hv0FtV3bWf8sUecYMKEtEcYWiAVPQy         W9DRYG4eN46A6J++ip9/0PnRegM5KhhYqATjukn+y0XXT0VJzVxbwTg0gwB/PHX4QKwQ         gl8g==
MIME-Version: 1.0
References: <20190118105429.GA17068@ingber.com>
In-Reply-To: <20190118105429.GA17068@ingber.com>
From: Erik Soderquist <erik.soderquist@gmail.com>
Date: Tue, 26 Feb 2019 21:56:00 -0000
Message-ID: <CACoZoo2BkW893wr8tRuqKTNjwvE4Wmv2SccSQZHGXXJ4Qdy3=w@mail.gmail.com>
Subject: Re: sshd 2FA?
To: cygwin <cygwin@cygwin.com>
Content-Type: text/plain; charset="UTF-8"
X-SW-Source: 2019-02/txt/msg00453.txt.bz2

On Fri, Jan 18, 2019 at 5:54 AM Lester Ingber wrote:
>
> On a Virtual Private Server under Ubuntu, for the past few years, I have had 2-factor authentication (2FA) set up along the lines described in
> https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04
>
> Is this possible on Cygwin running the sshd server?

In theory, certainly...  in practice, you will likely have to set up
some custom pieces to handle the interactions in PAM to use the Google
authenticator (if that is a specific requirement rather than a general
illustration).  Alternately, you could use a different authenticator
that is either easier make cygwin-friendly (or already is).

I've been considering trying to setup 2fa for my cygwin sshd myself
for years, but it's been a low priority since currently I have to
already be inside the network anyway, and disallow passwords to begin
with in most circumstances.

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple