From William Pursell@21:1/5 to All on Tue Nov 20 07:40:40 2018
Consider the situation in which a jumphost is configured with multi-factor authentication (mfa), and users access hosts behind the jumphost with agent forwarding. If ProxyJump (opsnssh) is enabled, users can go through the jumphost but in so doing
bypass the mfa. One potential "solution" is to disable ProxyJump. I'm hoping there is a better approach. Namely, perhaps a hook in ProxyJump that would trigger the mfa? Any suggestions on how to use ProxyJump with mfa that doesn't required enabling
the mfa on every host behind the jumpbox would be welcome.