by default it tries key first then password if not turned off. So valid key works and if no key offered password ok.<br><br>There is no way within ssh to require both other than as Charles said, password on they key. But that's all at the client end unless using a key management system that escrows priv keys (badbadbad!!!).<br>
<br><div class="gmail_quote">On Wed, Jul 20, 2011 at 11:36 AM, Charles Shapiro <span dir="ltr"><<a href="mailto:hooterpincher@gmail.com">hooterpincher@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
You can associate a password with an ssh key.<br>
<br>
-- CHS<br>
<div><div></div><div class="h5"><br>
<br>
On Wed, Jul 20, 2011 at 11:33 AM, Neal Rhodes <<a href="mailto:neal@mnopltd.com">neal@mnopltd.com</a>> wrote:<br>
> On a recent Fedora system, running fail2ban and sshd not allowing root<br>
> logins, I still get a certain number of failed ssh attempts every day.<br>
> This is not a particular attractive target to attack.<br>
><br>
> Is it possible to configure sshd to require both the public/private key AND<br>
> a password to get in? It looks like the various flavors of Connectbox<br>
> support public/private key, and while perhaps not full blown 2 factor<br>
> authentication, it would eliminate the possibility of a successful guessing<br>
> attack, (won't have key) and if I lost my phone or tablet with the key, the<br>
> person with the tablet couldn't get in without the password.<br>
><br>
> If so, any pointers to a recipe? sshd_config isn't quite replete with<br>
> examples.<br>
><br>
> Neal Rhodes<br>
> MNOP Ltd<br>
</div></div>> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
><br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>-- <br>James P. Kinney III<br><br>As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as
they please, and those who survive will be left to contemplate the
outcome.<br>- <i><i><i><i>2011 Noam Chomsky<br><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i><br>