Using MFA for SFTP Proxy
Only users in enabled User Groups can use MFA for SFTP connections.
Kron PAM’s built-in MFA can be used as an enhanced security level for SFTP Proxy.
When you open an SFTP Client (WinSCP or FileZilla), you are prompted to enter your Kron PAM credentials to connect to the SFTP Proxy.
- For FileZilla connections: After logging in successfully with your credentials, you are prompted to enter an MFA token.
- For WinSCP connections: You enter Kron PAM credentials and MFA token on the same screen.
Also, SFTP clients have their own configurations for MFA usage. For instance, the logon type must be selected as interactive to enable MFA for a user. See the MFA Usage on FileZilla figure below.