I'm wondering if there is a way to get a ssh server to allow interaction with the user such as Request for access?
I've found out some pam plugin allowing for 2FA but for now I can't found anything related to the request for access part. Having a pam plugin for 2FA means that at least limited interaction is possible, but what about a way to get a user to ask for access?
Are you aware of any plugin or development effort regarding this specific topic?
So long as the sshd daemon is configured to use PAM (beware of using public-keys, which may change how this works!) then this could be achieved with a (custom?) PAM plugin.
That would be likely to break any automation tools (ssh/scp/sftp in scripts, Ansible, etc) you have in place, so you should exercise a lot of caution in how you apply such a plugin. 2FA would probably be in the same boat here, at least to some extent (eg. an RSA token would only prompt if the user is assigned a token, I believe).
However, from an enterprise datacentre perspective, I would suggest that perhaps it would be better to revisit why you do this, as you would probably also like to record what the user is doing (at least, for some classes of user) and have some useful mechanism for reporting/auditing this.
And probably you would want to do similar things for things like web consoles and Windows RDP sessions.
And you probably want to do something with credentials, controlling access and rotating credentials routinely. This is something that comes up routinely in audits.
These are solved problems in the commercial security space. One vendor I’ve heard of that does all of this in one(?) package is CuberARK, and I know there is at least one other major player. I cannot vouch for any personally though as I haven’t used it.