google / google-authenticator-libpam

Apache License 2.0

Multiple secrets #174

Open davidgfnet opened 4 years ago

davidgfnet commented 4 years ago

Hey there! Typically one generates a fresh secret and adds it to an authenticator app or even some hardware TOTP device. An individual might have several codes for each machine/role they might want to log in as. It can also be shared among team members and so on. However, there's also some sort of inverse case: each person has a single secret, typically because they have a single hardware device (per person), so having a new secret per account is a bad idea. In this case it would be awesome if the .google_authenticator file could have a list of secrets and attempt to validate them all. As long as one works it can proceed to login. There are some caveats, like: what if there are a few hundred secrets? Well, it might be slow. Even worse, some of them might be valid by chance, increasing the chances of an attacker logging in, which is not great.

Can you please at least give it a thought? Or perhaps suggest some alternatives?

Thanks a lot!

ThomasHabets commented 4 years ago

In general I think it's an antipattern to have multiple people logging in to the same account. I know it's the most realistic solution in many cases though.

Like you say some of them would be valid. Since a window of codes is accepted it's actually already a concern.

I would recommend something else, like creating unique accounts and then controlling access to the role using /etc/sudoers. Or have some other system that uses 2FA and issues short-lived SSH certificates.
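To put numbers on the concern raised above (a window of accepted codes per secret, multiplied by several secrets), here is an added illustration that is not part of this thread or of google-authenticator-libpam: a minimal RFC 4226/6238 verifier that accepts a list of base32 secrets, plus a count of how many distinct codes it would accept at a given instant. The secret values, the window of ±1 step, and all function names are assumptions of this example, not the module's actual defaults or code.

```python
import base64
import hashlib
import hmac
import struct

DIGITS = 6   # code length
STEP = 30    # TOTP time step in seconds


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, DIGITS decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(key: bytes, now: int) -> str:
    """RFC 6238 TOTP for a Unix timestamp with a 30-second step."""
    return hotp(key, now // STEP)


def load_secrets(base32_secrets):
    """Decode base32 secrets (the format of a .google_authenticator file); restores padding."""
    return [base64.b32decode(s + "=" * (-len(s) % 8)) for s in base32_secrets]


def verify_any(keys, code: str, now: int, window: int = 1):
    """Accept if the code matches ANY key at any of the 2*window+1 adjacent steps.
    Returns the index of the matching key, or None. This is the multi-secret
    behaviour the issue asks for (assumed semantics, not the module's own logic)."""
    counter = now // STEP
    for i, key in enumerate(keys):
        for c in range(counter - window, counter + window + 1):
            if hmac.compare_digest(hotp(key, c), code):
                return i
    return None


def accepted_codes(keys, now: int, window: int = 1):
    """Set of distinct codes the verifier accepts at this instant. Its size grows with
    len(keys) * (2*window+1), which is exactly the guessing concern in the thread."""
    counter = now // STEP
    return {hotp(k, c) for k in keys for c in range(counter - window, counter + window + 1)}


def guess_probability(keys, now: int, window: int = 1) -> float:
    """Probability that one uniformly random code is accepted right now."""
    return len(accepted_codes(keys, now, window)) / 10 ** DIGITS
```

With three secrets and a ±1 step window the verifier accepts up to 9 of the 1,000,000 possible codes per attempt, so rate limiting on failed attempts matters more, not less, as the secret list grows.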

davidgfnet commented 4 years ago

Agreed! I was also thinking of the use case of a user having two devices (with two different secrets). Some devices do not allow for secret "injection" but rather only "random generation".

ThomasHabets commented 4 years ago

For two devices for the same user there's the solution to provision both devices at the same time, with the same QR code.