Add Support for Multi-Factor Authentication

apache / mina-sshd

Apache MINA sshd is a comprehensive Java library for client- and server-side SSH.

https://mina.apache.org/sshd-project/

Apache License 2.0

880 stars 355 forks source link

Add Support for Multi-Factor Authentication #433

Open fherbreteau opened 9 months ago

fherbreteau commented 9 months ago

Description

Mina SSH Server should have a way to handle multi-factor authentication using a generic mecanism that will be implemented as need (Google Auth, Authy, ...)

Motivation

This improvement can also improve security as required in some companies which require a private key and a security code.

Alternatives considered

No response

Additional context

No response

tomaswolf commented 9 months ago

Support for PKCS11 hardware security modules is not implemented in Apache MINA sshd, but could be added via the SunPKCS11 security provider. JGit did so.

Support for FIDO keys (sk_* keys) would be similar, but as there is no standard access library in Java, one would have to write one first, possibly using JNA.