On 24/3/25 12:29, jeremy ardley wrote:
You could use MFA on the SSH connection and then use certificates to
establish the VPN connection?
In my SSH MFA setup, clients must connect using a certificate, then
they must enter a password, and then they must complete a Google
Authenticator prompt.
It is possible to configure OpenVPN with MFA such as Google
Authenticator, but other mechanisms are possible.
I should mention that having an Internet-facing SSH service is usually a
very bad idea. The 'better' approach is to have only a VPN exposed and
use heavy security on that. Once the VPN link is established you can SSH
through the VPN to internal systems.
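
An added example, not part of the original message: a small audit of an `sshd_config` for the two points made above, that every login path chains all factors and that sshd is not bound to a public address. Assumptions: the authenticator prompt is delivered through PAM as `keyboard-interactive`, the VPN address `10.8.0.1` and both sample configs are constructed, and `Match` blocks are ignored.

```python
import ipaddress

# Constructed sample configs (not from the original message).
GOOD = """ListenAddress 10.8.0.1
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive:pam
"""
WEAK = """# space-separated lists are alternatives, so one factor is enough
AuthenticationMethods publickey keyboard-interactive
"""

def parse(text):
    """Collect global directives as {keyword: [args]}; stop at the first Match block."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break
        conf.setdefault(key, []).append(parts[1].strip())
    return conf

def listen_host(arg):
    """Extract the host from 'host', 'host:port' or '[host]:port'."""
    tok = arg.split()[0]
    if tok.startswith("["):
        return tok[1:tok.index("]")]
    return tok.rsplit(":", 1)[0] if tok.count(":") == 1 else tok

def audit(text, required=("publickey", "keyboard-interactive")):
    conf, findings = parse(text), []
    methods = conf.get("authenticationmethods", ["any"])[0]  # first value wins
    for alt in methods.split():  # each alternative must contain every factor
        have = {m.split(":")[0] for m in alt.split(",")}
        if not set(required) <= have:
            findings.append(f"auth list '{alt}' succeeds without all required factors")
    for arg in conf.get("listenaddress", ["0.0.0.0"]):  # default: every address
        try:
            ip = ipaddress.ip_address(listen_host(arg))
        except ValueError:
            findings.append(f"ListenAddress {arg}: hostname, verify it is VPN-only")
            continue
        if ip.is_unspecified or not ip.is_private:
            findings.append(f"ListenAddress {arg}: not limited to a private/VPN address")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(cfg) or "ok")
```
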