X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=vrHZulg
	LSp3SphGiZjLfD4EdaLKsfOSVJ4nv9PmNqD5XHX+tlNNFxs/RyvbOSJPkUXjk74v
	lgxOz16yBsFhafxO/KSGBfVbLlCQhV+K/Kv63BxxQ/F1eNyncJ743ptoQLRGu9mJ
	iPIY2eIHhA2Rcj1s+v2SYm6AdT2Odcf0s3DE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; s=default; bh=TG6xNAZgqMrL/
	dTjWV1KIvAChKM=; b=yF//ZY3UVCHXy7bNAFnRIjD8gku4um9gtmFNI3r+UyXKH
	OZpKGTpuM7yx/kyd5pKvMZD2qthp/FN5cWnP+wzI8M1b8cUNLxtoWiN+2iv9M0kQ
	vwSzuGVYwrKyFCS1zKkOJ2hLYXQswPXyahfCilfWYknlh8hINUv2N1OX/d57UA=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=passwords, Private, Hx-languages-length:969, Google
X-HELO: mail-wr1-f50.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20161025;        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;        bh=jn4dIy4s/k+ZrTb91x18iL/sffpqxHs/ckKobX6UVUU=;        b=spaF0bVs77UAUHPN+KAEdlmj7UrfuJOR233nxShaJsipiqBbU6lcjZLQ79xXo8Fu3T         votLr8f3Ri33vfkonoBrAEolF8JQJLMZHrsvdUju64nd849CBn+rAZ5vnOTiPVleHKf4         FvbSz/6hjVMHDOg3+yAJKmp41u2RVSw6Eo/tkJ3bGzgPEfwlphmtX7RQIG4enOTnMA07         IcJgRaeM0oh/cZVq2nmu2zMhF/IB6PFWenLcY7hv0FtV3bWf8sUecYMKEtEcYWiAVPQy         W9DRYG4eN46A6J++ip9/0PnRegM5KhhYqATjukn+y0XXT0VJzVxbwTg0gwB/PHX4QKwQ         gl8g==
MIME-Version: 1.0
References: <20190118105429.GA17068@ingber.com>
In-Reply-To: <20190118105429.GA17068@ingber.com>
From: Erik Soderquist <erik.soderquist@gmail.com>
Date: Tue, 26 Feb 2019 16:09:39 -0500
Message-ID: <CACoZoo2BkW893wr8tRuqKTNjwvE4Wmv2SccSQZHGXXJ4Qdy3=w@mail.gmail.com>
Subject: Re: sshd 2FA?
To: cygwin <cygwin@cygwin.com>
Content-Type: text/plain; charset="UTF-8"

On Fri, Jan 18, 2019 at 5:54 AM Lester Ingber wrote:
>
> On a Virtual Private Server under Ubuntu, for the past few years, I have had 2-factor authentication (2FA) set up along the lines described in
> https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04
>
> Is this possible on Cygwin running the sshd server?

In theory, certainly...  in practice, you will likely have to set up
some custom pieces to handle the interactions in PAM to use the Google
authenticator (if that is a specific requirement rather than a general
illustration).  Alternately, you could use a different authenticator
that is either easier make cygwin-friendly (or already is).

I've been considering trying to setup 2fa for my cygwin sshd myself
for years, but it's been a low priority since currently I have to
already be inside the network anyway, and disallow passwords to begin
with in most circumstances.

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple