Using ssh with Entra ID OAuth2, can we reduce how often authentication is required?
We've set up OAuth2 authentication for SSH via Red Hat Identity Manager using Microsoft Entra ID as an IDP as per the documentation:
https://access.redhat.com/solutions/7073948
This results in an outcome very similar to that shown in the video here:
https://www.youtube.com/watch?v=NorXJN3tw3Q
The problem I'm having is that we have to jump through the click-the-link, enter-the-code, followed by the full Microsoft MFA authentication sequence every time someone logs in.
What I expected to happen was that there would be a persistent token, like a Kerberos token, that maintained the authentication for 'some time' or until it's invalidated, and that subsequent logins would work passwordlessly as per the demo in the video.
It doesn't seem to make any difference if someone's coming from Windows cmd.exe, PowerShell, or a Linux/WSL shell.
Are there additional settings I need to add to the App Registration we created in Azure/Entra that authenticates the login that gets us the desired behaviour?