X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; q=dns; s=default; b=vrHZulg
	LSp3SphGiZjLfD4EdaLKsfOSVJ4nv9PmNqD5XHX+tlNNFxs/RyvbOSJPkUXjk74v
	lgxOz16yBsFhafxO/KSGBfVbLlCQhV+K/Kv63BxxQ/F1eNyncJ743ptoQLRGu9mJ
	iPIY2eIHhA2Rcj1s+v2SYm6AdT2Odcf0s3DE=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-type; s=default; bh=TG6xNAZgqMrL/
	dTjWV1KIvAChKM=; b=yF//ZY3UVCHXy7bNAFnRIjD8gku4um9gtmFNI3r+UyXKH
	OZpKGTpuM7yx/kyd5pKvMZD2qthp/FN5cWnP+wzI8M1b8cUNLxtoWiN+2iv9M0kQ
	vwSzuGVYwrKyFCS1zKkOJ2hLYXQswPXyahfCilfWYknlh8hINUv2N1OX/d57UA=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=passwords, Private, Hx-languages-length:969, Google
X-HELO: mail-wr1-f50.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=gmail.com; s=20161025;        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;        bh=jn4dIy4s/k+ZrTb91x18iL/sffpqxHs/ckKobX6UVUU=;        b=spaF0bVs77UAUHPN+KAEdlmj7UrfuJOR233nxShaJsipiqBbU6lcjZLQ79xXo8Fu3T         votLr8f3Ri33vfkonoBrAEolF8JQJLMZHrsvdUju64nd849CBn+rAZ5vnOTiPVleHKf4         FvbSz/6hjVMHDOg3+yAJKmp41u2RVSw6Eo/tkJ3bGzgPEfwlphmtX7RQIG4enOTnMA07         IcJgRaeM0oh/cZVq2nmu2zMhF/IB6PFWenLcY7hv0FtV3bWf8sUecYMKEtEcYWiAVPQy         W9DRYG4eN46A6J++ip9/0PnRegM5KhhYqATjukn+y0XXT0VJzVxbwTg0gwB/PHX4QKwQ         gl8g==
MIME-Version: 1.0
References: <20190118105429 DOT GA17068 AT ingber DOT com>
In-Reply-To: <20190118105429.GA17068@ingber.com>
From: Erik Soderquist <erik DOT soderquist AT gmail DOT com>
Date: Tue, 26 Feb 2019 16:09:39 -0500
Message-ID: <CACoZoo2BkW893wr8tRuqKTNjwvE4Wmv2SccSQZHGXXJ4Qdy3=w@mail.gmail.com>
Subject: Re: sshd 2FA?
To: cygwin <cygwin AT cygwin DOT com>
Content-Type: text/plain; charset="UTF-8"

On Fri, Jan 18, 2019 at 5:54 AM Lester Ingber wrote:
>
> On a Virtual Private Server under Ubuntu, for the past few years, I have had 2-factor authentication (2FA) set up along the lines described in
> https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04
>
> Is this possible on Cygwin running the sshd server?

In theory, certainly...  in practice, you will likely have to set up
some custom pieces to handle the interactions in PAM to use the Google
authenticator (if that is a specific requirement rather than a general
illustration).  Alternately, you could use a different authenticator
that is either easier make cygwin-friendly (or already is).

I've been considering trying to setup 2fa for my cygwin sshd myself
for years, but it's been a low priority since currently I have to
already be inside the network anyway, and disallow passwords to begin
with in most circumstances.

-- Erik

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple