On Thu, 2017-09-21 at 15:21 -0400, Konstantin Ryabitsev wrote:
> Hello, all:
> 
> Is there any mechanism to add some kind of 2-factor authentication
> mechanism either via:
> 
> a. additional prompting for a HOTP/TOTP key sequence similar to how
> openvpn allows doing auth-user-pass in addition to certificate-based
> authentication

Remember things like Yubikeys can do [HT]OTP in hardware. Not as HID
but actually generating the OTP on demand via PCSC.

> b. some way to use PGP Auth keys with wireguard so that keys stored on
> GnuPG-capable smartcards can be used for establishing a VPN connection.

PKCS#11 might be a better choice than PGP.

> c. (some other means)