[mosh-devel] Mosh and 2FA

Alex Chernyakhovsky achernya at mit.edu
Mon Feb 5 09:08:45 EST 2024 

HI folks,

2FA is usually (always?) used for authentication requests. Since mosh
leverages ssh, it automatically inherits ssh's 2FA configuration, if one
exists. I don't think it makes sense for mosh to add its own 2FA at some
sort of regular interval, as that would be easily bypassed by a user
patching this feature out and running a custom mosh. (mosh doesn't have a
privileged server-side component, it's just a normal user process).

If re-authentication is a concern, then you should limit the time of a
session being open server-side. An ssh session could hypothetically last
days/weeks too.

Sincerely,
-Alex

On Mon, Feb 5, 2024 at 8:44 AM Dave Taht <dave.taht at gmail.com> wrote:

> mosh leverages ssh to initiate the connection, which can be 2FA.
>
> However the advantage to mosh is its persistence, so adding 2FA to it
> periodically would make sense.
>
> On Mon, Feb 5, 2024 at 8:15 AM Rafael Ribeiro dos Santos
> <Rafael.Santos at uib.no> wrote:
> >
> > Hello,
> >
> > My name is Rafael and I currently work for University of Bergen in
> Norway, supporting users of our HPC systems.
> >
> > An user recently created a ticket asking to have Mosh available as his
> connection is not very reliable and I escalated to our internal team, which
> asked me if Mosh would work with the 2FA we are implementing on the servers.
> >
> > Since it is not fully implemented yet, I couldn't test it but just look
> for more information online on the GitHub repos and discussions. However, I
> just found very old messages from 2017.
> >
> > My question is: does Mosh support 2FA?  Are there any issues or details
> we should observe when installing Mosh and using with the 2FA?
> >
> > Thank you!
> >
> > Best Regards,
> > Rafael
> > _______________________________________________
> > mosh-devel mailing list
> > mosh-devel at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/mosh-devel
>
>
>
> --
> 40 years of net history, a couple songs:
> https://www.youtube.com/watch?v=D9RGX6QFm5E
> Dave Täht CSO, LibreQos
>
> _______________________________________________
> mosh-devel mailing list
> mosh-devel at mit.edu
> https://mailman.mit.edu/mailman/listinfo/mosh-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mit.edu/pipermail/mosh-devel/attachments/20240205/492d258b/attachment.htm>

More information about the mosh-devel mailing list