khanlab / wiki

Updates for MFA

pvandyken opened this issue · comments

If you're updating this, would you mind also making a change to the settings for handling MFA? These were based on the combination of some discussion with Alliance support and also the following: https://docs.alliancecan.ca/wiki/Multifactor_authentication#Configuring_your_SSH_client_to_only_ask_every_so_often

  • Add the following to .ssh/config such that MFA is only asked after a period of time rather than each time ssh/sshfs is called:
Host HOSTNAME
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlMaster auto
    ControlPersist 10m # Can change this to 0 to only ask once
  • Update sshfs with the following options (removes ServerAliveCount and updates ServerAliveInterval):
reconnect,ServerAliveInterval=0,Compression=no,follow_symlinks

The second point was at least working on a cloud instance I was testing this out on. To that end, the second point is more just to let the mount persist, else sshfs will always ask about MFA (and doesn't actually take config AFAIK into consideration).

Note these were all on Linux distros, so not sure of the equivalent for Windows.

Originally posted by @kaitj in #15 (comment)

Also, from what I can tell, Windows sshfs won't work anymore because winfsp is incompatible with MFA. I'll check with Greydon to see if he ever found a way around that (since he wrote the linked instructions), but otherwise we'll have to remove that section.

I had also used this a while ago when I had initially set up the VR desktops (prior to MFA), but I wonder if something in these instructions may be able to make it work via "Jump Hosts".

https://github.com/winfsp/sshfs-win

I had experimented with this before but couldn't get it to work

🥲 Ahh, that is unfortunate.

Just a note not to actually put the comment at the end of the one field; ssh doesn't like it.
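The trailing-comment problem from the last comment, applied to the Host block posted at the top of the issue, as an added example that is not part of the thread or the wiki: a POSIX shell lint and fixer for ssh config files. The function names and finding codes are made up for this example, and the sample config is constructed from the posted snippet.

```shell
#!/bin/sh
# Added example, not code from the thread. sample_config is constructed
# from the Host block posted in the issue (trailing comment included).
sample_config() {
cat <<'EOF'
Host HOSTNAME
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlMaster auto
    ControlPersist 10m # Can change this to 0 to only ask once
EOF
}

# lint_ssh_config: read an ssh_config on stdin and print LINE:CODE:DETAIL
# findings. Exit status is 1 if any trailing comment was found.
lint_ssh_config() {
    awk '
    { raw = $0; sub(/^[ \t]+/, "", raw) }
    raw == "" || raw ~ /^#/ { next }            # blank or full-line comment
    {
        split(raw, f, /[ \t=]+/); kw = tolower(f[1])
        if (kw == "host") host = f[2]
        bare = raw; gsub(/"[^"]*"/, "", bare)   # a "#" inside quotes is data
        if (bare ~ /[ \t]#/) { printf "%d:trailing-comment:%s\n", NR, f[1]; bad = 1 }
        # ControlPersist yes or 0 leaves the master socket open indefinitely
        if (kw == "controlpersist" && (tolower(f[2]) == "yes" || f[2] == "0"))
            printf "%d:persist-indefinite:%s\n", NR, host
    }
    END { exit bad + 0 }'
}

# fix_ssh_config: move each trailing comment to its own line above the
# option, keeping the indentation. Lines containing quotes pass unchanged.
fix_ssh_config() {
    awk '
    {
        t = $0; sub(/^[ \t]+/, "", t)
        if (t == "" || t ~ /^#/ || index($0, "\"") || !match($0, /[ \t]+#/)) { print; next }
        indent = $0; sub(/[^ \t].*$/, "", indent)
        print indent substr($0, RSTART + RLENGTH - 1)
        print substr($0, 1, RSTART - 1)
    }'
}

sample_config | lint_ssh_config || echo "fix needed"
sample_config | fix_ssh_config
```

To check a real file, pipe it in, for example `lint_ssh_config < ~/.ssh/config`. The `persist-indefinite` finding is informational: it marks Host blocks where the multiplexed master connection stays open until it is closed explicitly.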