You'll have to explain that much better, because what you're suggesting does not make sense.Using Duo works; integration is simple and push authentication to mobile phone is much nicer than generating codes.
...assuming that key is encrypted in the first place, and there's really no way for the FreeNAS admin to enforce that.SSH with Public Key authentication generally implies two-factor authentication, since you need a passphrase to decrypt the key you sign the server's challenge with.
Which part do you not understand? I'm using Duo Security for MFA.You'll have to explain that much better, because what you're suggesting does not make sense.
And how does that integrate with FreeNAS?Which part do you not understand? I'm using Duo Security for MFA.
The really big issue is with root's SSH access. Regular users are a whole different matter - they probably shouldn't have SSH access at all....assuming that key is encrypted in the first place, and there's really no way for the FreeNAS admin to enforce that.
Use the FreeBSD pkg for duo: https://www.freshports.org/security/duo/
Trying to get a functional compiler and libraries on your FreeNAS dataset is probably a bad idea.
You should never install anything on base FreeNAS.
I don't see any way to do that on FreeNAS without breaking a lot of rules. I also don't see any reason to use 2FA for SSH or SFTP, when public key authentication is an option instead.I don't see how that will provide 2fa for ssh/sftp?
I don't see any way to do that on FreeNAS without breaking a lot of rules. I also don't see any reason to use 2FA for SSH or SFTP, when public key authentication is an option instead.