Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates for MFA #16

Open
pvandyken opened this issue Feb 23, 2024 · 5 comments
Open

Updates for MFA #16

pvandyken opened this issue Feb 23, 2024 · 5 comments

Comments

@pvandyken
Copy link
Contributor

pvandyken commented Feb 23, 2024
edited
Loading

If you're updating this, would you mind also making a change to the settings for handling MFA? These were based on the combination of some discussion with Alliance support and also the following: https://docs.alliancecan.ca/wiki/Multifactor_authentication#Configuring_your_SSH_client_to_only_ask_every_so_often

  • Add the following to .ssh/config such that MFA is only asked after a period of time rather than each time ssh/sshfs is called:
Host HOSTNAME
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlMaster auto
    ControlPersist 10m # Can change this to 0 to only ask once
  • Update sshfs with the following options (removes ServerAliveCount and updates ServerAliveInterval):
reconnect,ServerAliveInterval=0,Compression=no,follow_symlinks

The second point was at least working on a cloud instance I was testing this out on. To that end, the second point is more just to let the mount persist, else sshfs will always ask about MFA (and doesn't actually take config AFAIK into consideration).

Note these were all on Linux distros, so not sure of the equivalent for Windows.

Originally posted by @kaitj in #15 (comment)
@pvandyken
Copy link
Contributor Author

Also, from what I can tell Windows sshfs won't work anymore because winfsp is incompatible with MFA. I'll check with Greydon to see if he ever found a way around that (since he wrote the linked instructions), but otherwise we'll have to remove that section

@kaitj
Copy link
Contributor

kaitj commented Feb 24, 2024

I had also used this a while ago when I had initially setup the VR desktops (prior to MFA), but I wonder if something in these instructions may be able to make it work via "Jump Hosts".

https://github.com/winfsp/sshfs-win

@pvandyken
Copy link
Contributor Author

I had also used this a while ago when I had initially setup the VR desktops (prior to MFA), but I wonder if something in these instructions may be able to make it work via "Jump Hosts".

I had experimented with this before but couldn't get it to work

@kaitj
Copy link
Contributor

kaitj commented Feb 24, 2024

I had experimented with this before but couldn't get it to work

🥲 Ahh, that is unfortunate.

@pvandyken
Copy link
Contributor Author

Just a note not to actually put the comment at the end of the one field, ssh doesn't like it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kaitj @pvandyken