Two-factor auth is painful. Secure? Yes. Necessary? Yes. But, painful. Using the ssh config option
ControlMaster can ease the pain a bit if you like to work with multiple SSH sessions to the login nodes.
ControlMaster is an ssh client option that will create a socket file which allows the initial ssh connection to a host be reused and optionally persist after the initial session has disconnected. In practice this means the first connection to a host will be authenticated normally, with password, GSSAPI, two-factor, etc., as required, but subsequent connections will simply reuse the initial connection without requiring authentication.
Add the following to end of
~/.ssh/config, if that file doesn’t exist then create it with permissions 0600, e.g.,
touch ~/.ssh/config; chmod 0600 ~/.ssh/config.
Host * # Have ControlMaster do the Right Thing(tm) ControlMaster auto # Put the socket file here. Optionally create a directory # for these and adjust this accordingly. ControlPath ~/.ssh/%r@%h:%p # If the initial and all other sessions exit, keep the # hold controlmaster open for 300 seconds before closing. ControlPersist 300s
Once that is in place, ssh to a host, open a second terminal and ssh to the same host and it should connect without prompting for authentication.