I know that it's possible to enable SSH access with AWS Session Manager and use MFA with Bastion. My question is, can I combine the two? I want to ssh into an EC2 instance proxying through Session Manager, but also be prompted for MFA.
Thanks
Asked
Active
Viewed 431 times
1 Answers
0
You can indeed combine the two. All you have to do is add pam-google-authenticator lib to your instances and add your configuration to OpenSSH config. My suggestion would be you do it on one of the instances and then capture an AMI to scale it across multiple instances.
You should set up MFA for SSH sessions on these instances first and then integrate your session manager for these as well.
You can refer this tutorial to action this into your instances. https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-16-04
Hope this helps!
Piyush Baderia
- 106
- 7