by siilikuin 1084 days ago
Chapter 8 of The Linux Programming Interface mentions that applications running on Linux have basically 2 options for authentication:

* Roll it themselves, maintain the database and all that jazz
* Delegate it to the (very robust, very mature) Linux user authentication stuff

Ever since reading that I've found myself wondering why more apps don't simply use SSH keypairs for authentication, given that they're already such a battle-tested mechanism. I get the whole "no MFA!" argument, but still.

2 comments

If we really wanted MFA, we could roll a PAM module, and whatever pushes SSH authorized keys could also push MFA seeds. But IMO this would protect against very unusual attacks and annoy ssh agent users everywhere.
Doing MFA for ssh like that would satisfy some compliance issues, wherever that matters. Probably key+pass.
Lol. I actually use `ssh` with 2FA at my own job, I was just having some fun nerdsniping. You're right, it's very valuable for compliance reasons.
SSH has supported MFA for decades: https://www.google.com/search?q=ssh+mfa
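
The "key+pass" setup discussed in this thread is configured in OpenSSH through the `AuthenticationMethods` option of `sshd_config`, where comma-joined methods must all succeed and space-separated lists are alternatives. The following is an added example, not part of any comment above: a small audit that reports, per scope, whether every alternative really chains two distinct methods. The function names and the sample configuration are constructed for illustration.

```python
# Added example: audit sshd_config text for multi-factor AuthenticationMethods.
# SAMPLE is a constructed fragment, not taken from any real host.
SAMPLE = """\
# constructed sshd_config fragment
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive:pam
Match User deploy
    AuthenticationMethods publickey
Match Group admins
    AuthenticationMethods publickey,password publickey,keyboard-interactive
"""

def requires_mfa(value):
    """True only if every alternative list chains >= 2 distinct methods."""
    alternatives = value.split()
    if not alternatives or any(a.lower() == "any" for a in alternatives):
        return False  # "any" (the default) accepts a single method
    for alt in alternatives:
        # Drop submethod qualifiers such as keyboard-interactive:pam.
        methods = {m.split(":", 1)[0].lower() for m in alt.split(",") if m}
        if len(methods) < 2:
            return False  # one weak alternative is enough to bypass MFA
    return True

def audit(config_text):
    """Map each scope ('global' or 'Match ...') to its MFA verdict."""
    scope, found = "global", {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        rest = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = "Match " + rest
        elif key == "authenticationmethods":
            found.setdefault(scope, rest)  # first value in a scope wins
    found.setdefault("global", "any")  # unset means any single method
    return {s: requires_mfa(v) for s, v in found.items()}

if __name__ == "__main__":
    for scope, ok in audit(SAMPLE).items():
        print(f"{scope}: {'MFA enforced' if ok else 'single factor accepted'}")
```

A `Match` block that does not set `AuthenticationMethods` inherits the global value, so only scopes that set it explicitly are listed.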