How to configure several U2F devices

sammyjenkins

New Member
Oct 3, 2019
Hello,

Is it possible (if yes, how to do so) to configure several U2F devices for 1 user in Proxmox?

Thank you
Best regards
 

dcsapak

Proxmox Staff Member
Staff member
Feb 1, 2016
Vienna
No, currently not; only one device/TFA method per user.
What would be the use case for registering multiple devices? (Maybe we can implement it if it is useful.)
You can always open an enhancement request here: https://bugzilla.proxmox.com
 

sammyjenkins

New Member
Oct 3, 2019
In case one device is lost, I wouldn't lose access to the web interface. I can just revoke access for the first device and use the second (backup) one.
 

janssensm

Well-Known Member
Dec 18, 2016

The only use case from a security point of view I can see for multiple tokens is when U2F tokens are mandatory, but at this moment I don't see an option to set that. So it's a user's choice or an account-specific preconfiguration by an admin.
If I understand right, the root account on a node can always delete a U2F token for another user account.
If you would like to have as much self-support as possible for VM users without intervention of an administrator of the root account (or another account with sufficient permissions), then multiple tokens would be handy, because a user without those permissions would have to ask for help when the U2F hardware key got lost or damaged.

When looking at other platforms allowing multiple U2F tokens, such as GitLab or Gitea, users are presented with recovery or scratch codes, which Proxmox doesn't have. So the fallback on Proxmox seems to be to use the root account to correct the U2F token, and fallback is important.
 


Jackster

Member
Nov 12, 2014
Sorry to necro but I just ran across this issue with my deployment.
Not only do I have two U2F keys, but also a 2FA. Would be nice to have 2FA and U2F.

If I lose my phone, at least I have my master and general use U2F available to get me in.
 
