I would like to add a level of security for logins to an SSH server (Ubuntu), using two factor authentication. One particularity on how the users connect to the SSH server is that sometimes they do it in a non-interactive way: the SSH server is configured in the users' MySQL client to be used as a bastion/proxy to reach a database. As a consequence I'm looking for 2FA setups that don't require the user to type anything in a terminal.
One existing solution that sounds promising in theory is Google's phone prompt allowing the user to validate the connection. Every SSH user would be associated with a phone number and this phone number would receive a prompt to validate on each connection.
An obvious downside to this idea is that it sounds like it would require the development of a phone app, which would make it way too complicated and expensive. Are there other techniques that I could use to allow users to validate non-interactive SSH logins?
