[PR #93] [MERGED] feat(security): add optional 2FA/MFA setup for SSH access #95

New issue

Closed

opened 2026-03-02 02:59:48 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 02:59:48 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/buildplan/du_setup/pull/93
Author: @buildplan
Created: 1/19/2026
Status: ✅ Merged
Merged: 1/19/2026
Merged by: @buildplan

Base: main ← Head: dev

📝 Commits (5)

0fc5512 add 2FA setup for SSH login
4f2d808 fix shellcheck warning
f57d509 refactor: make show_connection_options global for SSH connection display
dd633d4 checksum v0.80.0
e185976 version bumb and 2FA

📊 Changes

3 files changed (+220 additions, -63 deletions)

View changed files

📝 README.md (+7 -5)
📝 du_setup.sh (+212 -57)
📝 du_setup.sh.sha256 (+1 -1)

📄 Description

Key Changes:

Added configure_2fa function that sets up TOTP-based MFA for the user.
Configures SSH to require AuthenticationMethods publickey,keyboard-interactive. This enforces a "Key + Code" (or Key + Code + Password) requirement, preventing access if only the private key is compromised.
Generates and displays the QR code directly in the terminal (via qrencode).
Includes a "safe rollback" verification step: users must verify a successful login in a new terminal before changes are permanently applied.
Extracted show_connection_options from configure_ssh into a global helper function to support connection instructions in both SSH and 2FA setup stages.
Updated the final summary report to indicate 2FA status.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/buildplan/du_setup/pull/93 **Author:** [@buildplan](https://github.com/buildplan) **Created:** 1/19/2026 **Status:** ✅ Merged **Merged:** 1/19/2026 **Merged by:** [@buildplan](https://github.com/buildplan) **Base:** `main` ← **Head:** `dev` --- ### 📝 Commits (5) - [`0fc5512`](https://github.com/buildplan/du_setup/commit/0fc5512279c3bc82d46754206e3ab421951a97f2) add 2FA setup for SSH login - [`4f2d808`](https://github.com/buildplan/du_setup/commit/4f2d808472eeda79e001d12ba54711410f83f567) fix shellcheck warning - [`f57d509`](https://github.com/buildplan/du_setup/commit/f57d5093b89af1f74510e4ffe94442609abd7172) refactor: make show_connection_options global for SSH connection display - [`dd633d4`](https://github.com/buildplan/du_setup/commit/dd633d46b625f36191c7227bde7c1778c70f6e2c) checksum v0.80.0 - [`e185976`](https://github.com/buildplan/du_setup/commit/e185976649598f87caf179e9e3c2bbc32074da00) version bumb and 2FA ### 📊 Changes **3 files changed** (+220 additions, -63 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+7 -5) 📝 `du_setup.sh` (+212 -57) 📝 `du_setup.sh.sha256` (+1 -1) </details> ### 📄 Description **Key Changes:** * Added `configure_2fa` function that sets up TOTP-based MFA for the user. * Configures SSH to require `AuthenticationMethods publickey,keyboard-interactive`. This enforces a "Key + Code" (or Key + Code + Password) requirement, preventing access if only the private key is compromised. * Generates and displays the QR code directly in the terminal (via `qrencode`). * Includes a "safe rollback" verification step: users must verify a successful login in a new terminal before changes are permanently applied. * Extracted `show_connection_options` from `configure_ssh` into a global helper function to support connection instructions in both SSH and 2FA setup stages. * Updated the final summary report to indicate 2FA status. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>