Hi, if you want your gitlab to support 2FA via ssh you might be interested in orca <https://github.com/clusterit/orca>. Orca is a SSH proxy, it located in front of your internal servers and authenticates the user with its public key. The client must do agent forwarding so orca will forward the agent to the server in the back.
Orca supports time based login; you must first login via the web-UI and click on "activate for ... hours". Only within the given time you can login via SSH. Another option is 2FA with a timetoken (TOTP). You have to install an app on your mobile (FreeOTP <https://fedorahosted.org/freeotp/> or something similiar). Then you enable 2FA in Orca, scan the displayed QR-Code and now Orca does key-based authentication AND password authentication where you must provide the OTP from your mobile. You can do OTP-caching, so you don't have to enter the TOTP every time (great when working with git). Orca does not have user authentication. It uses OAuth2 providers, Currently tested are "google", "github" and "gitlab". When using "gitlab" as Oauth service, you have to register orca in your local gitlab installation and configure the Oauth-URLs in orca (you only have to change the server name <https://github.com/clusterit/orca#gitlab>). Interested? More info here <https://github.com/clusterit/orca>, or use the quickstart <https://github.com/clusterit/orca/blob/master/doc/quickstart.md> with a docker image and your github account. thanks </usc> -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/8bad57b9-6366-4338-a350-da189718fc1b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
