Meaningful 2fa on modern linux

Recently I heard of someone asking the question:

"I have an AD environment connected with <product> IDM. I want to have 2fa/mfa to my linux machines for ssh, that works when the central servers are offline. What's the best way to achieve this?"

Today I'm going to break this down - but the conclusion for the lazy is:

This is not realistically possible today: use ssh keys with ldap distribution, and mfa on the workstations, with full disk encryption.

Background

So...