[PR #241] [MERGED] add ``--proactive-mfa`` and mfa/nofa interactive commands #338

New issue

Closed

opened 2026-05-07 00:20:25 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:20:25 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ovh/the-bastion/pull/241
Author: @speed47
Created: 9/15/2021
Status: ✅ Merged
Merged: 9/21/2021
Merged by: @speed47

Base: master ← Head: proactive_mfa

📝 Commits (2)

4d7282b chore: rename an envvar for clarity
87f373c feat: add --proactive-mfa and mfa/nofa interactive commands

📊 Changes

9 files changed (+213 additions, -49 deletions)

View changed files

📝 bin/dev/perlcriticrc (+1 -0)
📝 bin/plugin/open/selfMFASetupPassword (+1 -1)
📝 bin/plugin/open/selfMFASetupTOTP (+1 -1)
📝 bin/shell/osh.pl (+36 -7)
📝 doc/sphinx/administration/configuration/bastion_conf.rst (+24 -0)
📝 etc/bastion/bastion.conf.dist (+10 -0)
📝 lib/perl/OVH/Bastion/configuration.inc (+22 -21)
📝 lib/perl/OVH/Bastion/interactive.inc (+81 -19)
📝 tests/functional/tests.d/370-mfa.sh (+37 -0)

📄 Description

For bastions using JIT MFA, where MFA can be requested when
attempting to connect through specific groups, or when using
some commands, with respect to MFA being enforced at connection
time directly through the sshd authentication process, one can
now request MFA validation in advance, to workaround problems
in commands such as ``clush``  or ``batch``, and interactive mode.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ovh/the-bastion/pull/241 **Author:** [@speed47](https://github.com/speed47) **Created:** 9/15/2021 **Status:** ✅ Merged **Merged:** 9/21/2021 **Merged by:** [@speed47](https://github.com/speed47) **Base:** `master` ← **Head:** `proactive_mfa` --- ### 📝 Commits (2) - [`4d7282b`](https://github.com/ovh/the-bastion/commit/4d7282b4bdb43b092eff5699a3e0a6dbbae0d0c4) chore: rename an envvar for clarity - [`87f373c`](https://github.com/ovh/the-bastion/commit/87f373cbf661810dad0cb08a3082e2e1fc8429d7) feat: add --proactive-mfa and mfa/nofa interactive commands ### 📊 Changes **9 files changed** (+213 additions, -49 deletions) <details> <summary>View changed files</summary> 📝 `bin/dev/perlcriticrc` (+1 -0) 📝 `bin/plugin/open/selfMFASetupPassword` (+1 -1) 📝 `bin/plugin/open/selfMFASetupTOTP` (+1 -1) 📝 `bin/shell/osh.pl` (+36 -7) 📝 `doc/sphinx/administration/configuration/bastion_conf.rst` (+24 -0) 📝 `etc/bastion/bastion.conf.dist` (+10 -0) 📝 `lib/perl/OVH/Bastion/configuration.inc` (+22 -21) 📝 `lib/perl/OVH/Bastion/interactive.inc` (+81 -19) 📝 `tests/functional/tests.d/370-mfa.sh` (+37 -0) </details> ### 📄 Description For bastions using JIT MFA, where MFA can be requested when attempting to connect through specific groups, or when using some commands, with respect to MFA being enforced at connection time directly through the sshd authentication process, one can now request MFA validation in advance, to workaround problems in commands such as ``clush`` or ``batch``, and interactive mode. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>