[Security Request] Fix SSH bypass of 2-factor

Let me first say setting up the Umbrel is great! It’s incredibly easy compared to a lot of products on the market. There is something I would like to flag however:

After setting 2-factor authentication I noticed that it is essentially bypassed via SSH. This makes setting 2-factor basically security theater, and implementation should be relatively easy.

Appreciate your time and efforts!

I haven’t done this with Umbrel, but with my websites and Tor nodes I turned off password authentication and enabled RSA authentication key only.

It's rather simple to do.

But before you completely turn off password authentication make sure your key pair works.

Do a search for
how to set up ssh rsa key authentication raspberry pi

and pick a method that works for you.
It only takes 5 minutes and a few steps.
And then you can log in via SSH without a password on any machine with your private key.

Maybe wait for someone else to chime in on why it wouldn't be a great idea for an Umbrel node.

I can't think of why it wouldn't be fine.

Remember physical access kills your security. And honestly nobody should be able to get to your node via SSH unless you have that port open on your router.
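An added example (not part of the original posts and not Umbrel's code): a small audit of an `sshd_config` global section that reports which login methods still work as a single factor, which is the gap this thread is about. The function names and the sample config are constructed for illustration; `Match` blocks and `Include` files are not evaluated, and upstream OpenSSH defaults are assumed.

```python
# Added example. Defaults are upstream OpenSSH's (assumption: distro packages may differ).
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
    "authenticationmethods": "any",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: key-only login plus a PAM second factor (e.g. a TOTP module).
TWO_FACTOR = """\
PasswordAuthentication no
UsePAM yes
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
"""


def effective_settings(config_text):
    """Global-section values as sshd reads them: the first occurrence of a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks are not evaluated here
            break
        if key in DEFAULTS and key not in seen:
            seen[key] = parts[1].strip().lower() if len(parts) > 1 else ""
    return {**DEFAULTS, **seen}


def single_factor_methods(config_text):
    """Return the methods that are sufficient on their own to log in."""
    s = effective_settings(config_text)
    enabled = {
        "password": s["passwordauthentication"] == "yes",
        "publickey": s["pubkeyauthentication"] == "yes",
        # Assumption: on Linux, keyboard-interactive is only backed by PAM.
        "keyboard-interactive": s["kbdinteractiveauthentication"] == "yes" and s["usepam"] == "yes",
    }
    methods = s["authenticationmethods"]
    if methods == "any":
        return [m for m, on in enabled.items() if on]
    # Space separates alternatives; commas join methods that must all succeed.
    singles = [alt.split(":")[0] for alt in methods.split() if "," not in alt]
    return [m for m in singles if enabled.get(m)]


if __name__ == "__main__":
    print(single_factor_methods(TWO_FACTOR))
```

An empty result means every accepted login path needs at least two methods; a key-only setup still returns `publickey`, since one factor remains sufficient.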

I believe you are missing the point. There are many ways to improve security and lock down any device manually. The point is that if you're going to set the SSH pass automatically to the user-entered password, a user would reasonably expect you would also set two-factor authentication once enabled as well. I’m speaking to the onboarding process and not what's possible for savvy users, but something that would benefit users without that knowledge. Because it only takes “5 minutes and a few steps” is exactly why I’m calling it out as a potential improvement to the OS.

Ahh, I see your point.

Then again, who would be opening port 22 from their router to allow a remote SSH session to occur?

Even more so if they are not tech savvy.

Maybe I am missing something, but you can’t SSH in remotely without port 22 being opened on a router and forwarding to the Umbrel node. That would need to be intentional on the user's end.

Again pointing towards the physical access I mentioned previously.

At least I'll be following to see what others say. I'm interested anyway, as I've never seen a TOTP-based SSH login.

Following your logic, why would one have two factor at all? One would be even less likely to open port 80 over clear text where the two factor actually happens. My point is only that if you're going to have two-factor authentication enabled, then enable it wherever you are authenticating and you will at the very least be meeting a baseline of user expectation.

here’s an example: