I'm running a small script when a user accesses my Linux host via SSH. This script should verify and/or set up Google Authenticator MFA access for the user.
Right now it works as intended with one caveat - at any moment during the MFA configuration process, if the user (ie) CTRL+C's, the setup wizard is interrupted, but the SSH session continues. I need it to log out the user trying to access.
How can I achieve this?
This is what I have added at the bottom of my .bashrc
file (please note that this is very new to me and that I'm open to criticism/improvements on my current attempt).
# MFA validation/configuration
if [[ -n $SSH_CONNECTION ]] ; then
echo "SSH connection to remote host successful."
echo "testing if MFA is configured..."
# is this test enough?
file="$HOME/.google_authenticator"
if [ -f "$file" ] ; then
printf "MFA configured, you may proceed.\n"
else
printf "MFA not configured; running setup wizard.\n"
# the command runs, but the else bit is never reached
if google-authenticator ; then
# I reach this point if I go to the end of the wizard
echo "MFA setup successful"
else
# this point is never reached
echo "MFA setup failed - logging you out"
exit
fi
fi
fi