How to bypass 2FA with Google Authenticator when logging into a remote server via ssh

I'm part of a research team where we have to do many simulations on several remote servers. The feebleminded server maintenance team has set up a Google authenticator-based 2FA whenever we log in to the server along with ssh. This is annoying on many levels as we have to enter the 6-digit code whenever we log in, and even worse whenever we transfer files using scp. This is decreasing productivity as we have to continuously move hundreds of files per day between machines and entering a 6-digit code at each step is detrimental to productivity. Is there any way we can disable this or work around this? The server and the host are both running Ubuntu.

N.B.: this 2FA method is annoying beyond words, and I'm willing to sacrifice security to eliminate it.

Jos
I suppose you can't just ask the maintenance team to disable it?
Swedish_Physicist
Tried that already. Almost all of the users have raised complaints on multiple occasions. The IT department insists this is the 'safe' option.
Jos
On [this page](https://www.nsc.liu.se/support/2fa/power-user/) I found two loopholes. One is to use a persistent "master connection" so other connections may be made without 2FA. The other is to apply for an unattended login, requiring special approval. Does that help?
Swedish_Physicist
Thanks, I already tried that. The server is rejecting the login even after entering the OTP when this is set up.
David
I do not see how this, as written, has anything to do with the Ubuntu OS, the only thing this site addresses.
Swedish_Physicist
Hi, both ends are running Ubuntu OS.
user535733
It's inappropriate of us to help you defeat your organization's IT policies. Escalate the issue within your organization's management instead. This is not a problem amenable to a technical support solution.
in flag
If you are using someone else's servers, it's important to follow someone else's rules. However, if you run your own servers ... even if they're slower ...
zwets
Assuming your client is Linux too, and runs an ssh server, for scp the solution would be to run scp on the remote server and pull from your local server. If your local server is not routable from the remote server (but does run an ssh server), set up a reverse tunnel (see the `-R` option for ssh) from a free port on the remote server to your local port 22, then scp over that. Neither compromises security. It's not ideal, but that 2FA is there for a reason.