[ale] Possible to configure sshd to require key AND password?

Jim Kinney jim.kinney at gmail.com
Wed Jul 20 11:42:03 EDT 2011


by default it tries key first then password if not turned off. So valid key
works and if no key offered password ok.

There is no way within ssh to require both other than as Charles said,
password on they key. But that's all at the client end unless using a key
management system that escrows priv keys (badbadbad!!!).

On Wed, Jul 20, 2011 at 11:36 AM, Charles Shapiro
<hooterpincher at gmail.com>wrote:

> You can associate a password with an ssh key.
>
> -- CHS
>
>
> On Wed, Jul 20, 2011 at 11:33 AM, Neal Rhodes <neal at mnopltd.com> wrote:
> > On a recent Fedora system, running fail2ban and sshd not allowing root
> > logins,    I still get a certain number of failed ssh attempts every day.
> > This is not a particular attractive target to attack.
> >
> > Is it possible to configure sshd to require both the public/private key
> AND
> > a password to get in?   It looks like the various flavors of Connectbox
> > support public/private key, and while perhaps not full blown 2 factor
> > authentication, it would eliminate the possibility of a successful
> guessing
> > attack, (won't have key) and if I lost my phone or tablet with the key,
> the
> > person with the tablet couldn't get in without the password.
> >
> > If so, any pointers to a recipe?   sshd_config isn't quite replete with
> > examples.
> >
> > Neal Rhodes
> > MNOP Ltd
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
> >
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
-- 
James P. Kinney III

As long as the general population is passive, apathetic, diverted to
consumerism or hatred of the vulnerable, then the powerful can do as they
please, and those who survive will be left to contemplate the outcome.
- *2011 Noam Chomsky

http://heretothereideas.blogspot.com/
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110720/1c1222bc/attachment.html 


More information about the Ale mailing list