aneeshusa
commented
8 years ago To be more clear, when I say 'via PAM' I mean using Google Authenticator via PAM. I would not feel comfortable using a third-party service (e.g. Duo) in our SSH login path and would prefer to stick to TOTP or another self-contained service.
Inspired by #399. Essentially blocked by #253 and #254.
This can be done on Linux via PAM (see https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Multi-Factor_Authentication_.28OpenSSH_6.3.2B.29 for example). I'm not sure about how to do this on OS X - suggestions welcome.