https://bugzilla.mindrot.org/show_bug.cgi?id=2876
James Ralston <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #10 from James Ralston <[email protected]> --- Hi Damien. Is there any way we could assist with the effort here? MFA logins (e.g., Duo) are becoming more and more ubiquitous. When MFA is in play, it can be pretty important that PAM_TEXT_INFO messages are pushed immediately, instead of being collected until the next PAM_PROMPT_ECHO_[ON|OFF] response. E.g., the PAM_TEXT_INFO message could be this: "Hey, we just auto-pushed an auth request to your mobile device, so if it looks like your login session just hung, maybe go grab your phone and approve the request? Or just sit there staring dumbly at the screen for 90 seconds until the push request times out. Your call." I get why the /* accumulate messages */ logic was the case historically (because SSH protocol version 1 was teh suck), but now that SSHv1 is (deservedly) dead, it would be great to address this for SSHv2 keyboard-interactive auth. If there's a concern about potentially breaking other ssh clients (e.g. comment 8), perhaps the "push PAM_TEXT_INFO messages immediately" behavior could be toggled by an option? E.g., PAMImmmediateNotifications? If you can come up with a tentative patch, we'd be happy to help test it, against multiple different ssh clients we have here (OpenSSH, Putty, et. al.) -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
