Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-50092: Is it Possible to Bypass MFA for SFTP But Still Require MFA for SSH Login?

Authentication Service ,  

15 March,21 at 08:01 PM

Is it possible to setup Centrify DirectControl such that a user that is logging into a Linux machine through the Centrify OpenSSH Daemon is required to use MFA (Multiple Factor Authentication) but is NOT required to use MFA when running an SFTP  client?

No.  The MFA requirement follows the user account.  When the sshd is called to do login authentication or SFTP, the MFA process is invoked before sshd invokes the SFTP-server to perform the SFTP function.  MFA is required in both cases.  The sshd does not distinguish between logging in to a secure shell and connecting for SFTP.