On 23.11.2016 02:03 PM, swizz ly wrote:
Thanks for the update. I tried it, it works nicely, many thanks! However, there is a small thing: the user has to be aware that the "Password:" in the first window is ignored and has nothing to do with the two-factor authentication, only in the pop-up window with the "Verification code:" should he/she enter the two-factor passcode. It might be somewhat confusing for the first time. As a small suggestion, I would either use the input from the "Password:" field even for the two-factor passcode, or in the pop-up window I would directly copy the prompt from the SSH session, in this case "Enter PASSCODE:" instead of "Verification code:".
I think that's the way PAM works.
Isn't the idea of 2FA to use both the password and a challenge auth token? Users will need to supply their password anyway, so I don't see the problem at hand currently. Do we get two windows, one for the password (or private key passphrase) and one for the verification code, EVEN THOUGH the password/private key passphrase has been set directly in the session config or via an SSH agent?
Copying the prompt actually sounds like a good idea, though, yeah.
Mihai