[ale] OpenSSH RequiredAuthentications2 publickey,password
Mike Harrison
cluon at geeklabs.com
Thu Dec 27 19:39:43 EST 2012
David:
>I'm not aware of any way to configure OpenSSH to ask for multiple
>authentication factors. You can fudge it with PAM (password + otp, for
>example) but not with anything involving public
>keys. (Unless something has changed since I looked ~1 year ago at my last job.)
Good disclaimer, :) Best example I found is listed below,
and while it's new to OpenSSH, it's been around in other versions
(ssh.com). Looks like two-factor auth has been added to OpenSSH in certain
versions. It does not work on my Bodhi Linux system. (OpenSSH_5.9p1
Debian-5ubuntu1)
It also does not show up in the official docs:
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5
I've got a Redhat system I can test in the office... and will do when I
can....
-------------------------------------------------------
https://bugzilla.redhat.com/show_bug.cgi?id=657378
Fixed In Version: openssh-5.3p1-80.el6
Doc Type: Enhancement
Doc Text:
Multiple required methods of authentications for sshd

SSH can now be set up to require multiple ways of authentication (whereas
previously SSH allowed multiple ways of authentication of which only one
was required for a successful login); for example, logging in to an
SSH-enabled machine requires both a passphrase and a public key to be
entered. The RequiredAuthentications1 and RequiredAuthentications2 options
can be configured in the /etc/ssh/sshd_config file to specify
authentications that are required for a successful log in. For example:

    ~]# echo "RequiredAuthentications2 publickey,password" >> /etc/ssh/sshd_config

For more information on the aforementioned /etc/ssh/sshd_config options,
refer to the sshd_config man page.
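
Added example, not part of the original post or of the Red Hat patch: a small Python check of what the appended RequiredAuthentications2 line actually does once it sits in a real sshd_config. The function name audit_sshd_config and the sample file are hypothetical, and the check assumes the patched keywords follow sshd's usual first-value-wins rule and that PubkeyAuthentication and PasswordAuthentication are the switches governing the two methods.

```python
import re

# Keywords named in the Red Hat doc text quoted above.
REQUIRED_KEYS = ("requiredauthentications1", "requiredauthentications2")
# Method name -> stock sshd_config switch that can disable it (both default to yes).
METHOD_SWITCH = {"publickey": "pubkeyauthentication", "password": "passwordauthentication"}

def audit_sshd_config(text):
    """Return (global_settings, findings) for the text of an sshd_config file."""
    settings, findings, in_match = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            in_match = True                         # a Match block runs to the next Match or EOF
        elif in_match:
            if key in REQUIRED_KEYS:
                findings.append(f"line {lineno}: {parts[0]} sits inside a Match block, not the global section")
        elif key in settings:
            if key in REQUIRED_KEYS:
                findings.append(f"line {lineno}: {parts[0]} ignored, an earlier line already set it")
        else:
            settings[key] = value                   # first value wins (assumed for the patched keywords too)
    for key in (k for k in REQUIRED_KEYS if k in settings):
        methods = [m.strip().lower() for m in settings[key].split(",") if m.strip()]
        if len(methods) < 2:
            findings.append(f"{key}: lists fewer than two methods")
        for m in methods:
            switch = METHOD_SWITCH.get(m)
            if switch and settings.get(switch, "yes").lower() == "no":
                findings.append(f"{key}: requires {m} but {switch} is no")
    return settings, findings

# Constructed sample: the last line is what the quoted `echo ... >>` would append.
SAMPLE = """\
# constructed sample, not from a real host
PasswordAuthentication no
RequiredAuthentications2 publickey,password
requiredauthentications2 publickey
Match User backup
RequiredAuthentications2 publickey,password
"""

if __name__ == "__main__":
    print("\n".join(audit_sshd_config(SAMPLE)[1]))
```

On the sample it reports the shadowed duplicate, the appended line landing inside the Match block, and the password requirement that can never be met while PasswordAuthentication is no.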