Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-50092: Is it Possible to Bypass MFA for SFTP But Still Require MFA for SSH Login?

Authentication Service ,  

15 March,21 at 08:01 PM

Question:
  
Is it possible to setup Centrify DirectControl such that a user that is logging into a Linux machine through the Centrify OpenSSH Daemon is required to use MFA (Multiple Factor Authentication) but is NOT required to use MFA when running an SFTP  client?

Answer:
  
No.  The MFA requirement follows the user account.  When the sshd is called to do login authentication or SFTP, the MFA process is invoked before sshd invokes the SFTP-server to perform the SFTP function.  MFA is required in both cases.  The sshd does not distinguish between logging in to a secure shell and connecting for SFTP.