Closed iget-esoares closed 5 years ago
I would suggest that SSH ControlMaster may be a better fit for you. But if not, then this seems like an orthogonal feature that can be implemented by a PAM module that does just that, and the PAM configuration can then "skip next module if this module says success", which would make it work not just with the GA PAM module, but with any other too.
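The ControlMaster suggestion above, as an added client-side example that is not part of the original thread. The host alias, hostname and 30-second persistence are assumptions chosen for illustration.

```sshconfig
# ~/.ssh/config on the client that runs the scripts (added example).
# "scripted-server" and "server.example.com" are placeholders.
Host scripted-server
    HostName server.example.com
    # The first connection authenticates normally, including the TFA prompt,
    # and becomes the master. Later ssh invocations to this host reuse it.
    ControlMaster auto
    # Per-destination socket. %C is a hash of local host, remote host, port
    # and remote user. Keep ~/.ssh at mode 0700 so only this user can reach it.
    ControlPath ~/.ssh/cm-%C
    # Keep the master open for 30 seconds after the last session closes,
    # then drop it. The next connection after that prompts for TFA again.
    ControlPersist 30s
```

With this in place, a script that runs several `ssh scripted-server <command>` calls in a row prompts once, and reuse is tied to a socket owned by the local user rather than to the client IP address. `ssh -O exit scripted-server` closes the master before the timer expires.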
Thanks for your help. I'll try the suggested approach.
Description
My feature request is about creating a way to trust a client (same IP address, same user) for a certain period of time, as an optional feature.
The time window is not necessarily large. A few seconds is enough.
Use case
I have a few scripts that run on a remote server, but they run many commands in a row, like 5~6 commands. Since our server is protected by this, it's necessary to type the TFA code many times in a row.
Risks
This opens a security gap: an attacker with access to the client computer (or using the same internet connection) might wait for an authentic connection in order to connect without needing TFA. But like many other options in this module, it's a choice that the administrator can make.