google / google-authenticator-libpam

Apache License 2.0

[Question] Is it possible to tie a seed / token to a specific SSH key? #102

Closed Skarlso closed 6 years ago

Skarlso commented 6 years ago

hi,

We have a system where there is a single user, with other people accessing said user with a multitude of public SSH keys and a complex authentication system.

I managed to enable TOTP on this, which is nice, because now it asks for a verification code upon SSH which further secures the system.

Ideally I wouldn't want to share this secret between users, or register multiple devices for the same seed, but rather have multiple seeds for the same user but different public SSH keys.

Is that possible at all with this library? Or can anyone suggest a sensible workflow in this scenario other than a shared seed?

Thanks!

ThomasHabets commented 6 years ago

No, it's not possible.

Without knowing anything about your use case I would recommend that you not share a single user, and instead use a sudo model.

PS: well, technically you can have one line in your PAM config per user, and use the *_pass_* options to try different files without asking many times, but I wouldn't recommend it.
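The sudo model recommended above, sketched as an added configuration example (not part of this thread or of the project's own documentation); the group `ops`, the shared account `deploy`, and the file paths are assumptions:

```conf
# /etc/ssh/sshd_config  (assumed names and paths throughout this example)
# Each person logs in as their own account: SSH key first, then their own TOTP.
PubkeyAuthentication yes
ChallengeResponseAuthentication yes      # spelled KbdInteractiveAuthentication on newer OpenSSH
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
# The shared account is never reachable directly over SSH, only via sudo below.
DenyUsers deploy

# /etc/pam.d/sshd
# One seed per real user, read from that user's own ~/.google_authenticator
# (the module's default location), so no seed is ever shared.
# Remove or comment out the distribution's "@include common-auth" line here,
# otherwise keyboard-interactive also prompts for the Unix password.
auth required pam_google_authenticator.so

# /etc/sudoers.d/deploy   (install with visudo -f, mode 0440)
# Members of ops may become the shared account; sudo's log records which
# real user did so, which a shared login could never give you.
%ops ALL=(deploy) ALL
```

Each person then runs `sudo -u deploy -i` after authenticating with their own key and their own TOTP seed, and every switch to the shared account is attributed to a named user in the auth log.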

Skarlso commented 6 years ago

@ThomasHabets Thanks Thomas!

Skarlso commented 6 years ago

@ThomasHabets yeah that sounds terrible. :D regarding your edit.

I can't move away from a multi-user single user unfortunately. And I don't want to do a hacky solution.

akerl commented 6 years ago

Wouldn't sudo be exactly what you want here? The users connect in with their separate users, MFA with their separate seeds, and that grants them access to the shared user.

Skarlso commented 6 years ago

@akerl the users don't have accounts on the server directly. They are using an account which is assigned / generated automatically for a certain purpose. Nobody has direct access to anything.