Hacker News
by thwarted 4640 days ago
If you can force authentication via both private key and a password, then you're authenticating via both "something you have" (the key), and "something you know" (the password). Having a passphrase on the key protects access to the key, but it doesn't provide any additional levels of authentication to the (remote) system that is requesting authentication — after all, the user could have removed the passphrase from the key file, there's no way for the remote system to know.

Unfortunately, there doesn't seem to be a way to require both a key and a passphrase to be entered. There may be a way to do it with some (custom?) PAM configuration/modules, but as far as I know, nothing in sshd itself.

1 comments

Not sure how robust it would be, but you can set a default shell that would be a simple script requiring a login before launching bash. That would give you both.
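
On the parent comment's question of having sshd itself demand both factors: OpenSSH 6.2 and later provide an `AuthenticationMethods` option in sshd_config, and `AuthenticationMethods publickey,password` requires a successful key exchange followed by a password. The script below is an added example, not part of the thread, that checks `sshd -T`-style output to confirm the setting enforces both factors on every login path. The function name and sample configurations are constructed for illustration, and keyboard-interactive is assumed to be a password prompt.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether an sshd configuration
# demands BOTH a public key and a password-type method on every login path.
# Input is text in the format printed by `sshd -T`: one lowercase keyword and
# its value per line. All sample configurations below are constructed.

# requires_key_and_password CONFIG_TEXT -> exit status 0 if enforced, 1 if not.
# The body is a subshell, so the IFS and globbing changes do not leak out.
requires_key_and_password() (
    methods=$(printf '%s\n' "$1" |
        sed -n 's/^authenticationmethods  *//p' | tail -n 1)

    # Unset, or the default "any": one successful method is enough.
    if [ -z "$methods" ] || [ "$methods" = "any" ]; then
        return 1
    fi
    set -f    # no pathname expansion while word-splitting the value
    # Space-separated lists are alternatives: finishing any ONE of them logs
    # the user in, so each list has to carry both factors by itself.
    for list in $methods; do
        has_key=0 has_pw=0
        IFS=,
        for method in $list; do
            # Drop a submethod suffix such as keyboard-interactive:pam.
            # Assumption: keyboard-interactive is backed by a password prompt.
            case ${method%%:*} in
                publickey) has_key=1 ;;
                password | keyboard-interactive) has_pw=1 ;;
            esac
        done
        if [ "$has_key" -ne 1 ] || [ "$has_pw" -ne 1 ]; then
            return 1
        fi
    done
    return 0
)

SAMPLE_BOTH='port 22
passwordauthentication yes
authenticationmethods publickey,password'
SAMPLE_PAM='authenticationmethods publickey,keyboard-interactive:pam'
SAMPLE_ALTERNATIVE='authenticationmethods publickey,password publickey'
SAMPLE_DEFAULT='authenticationmethods any'

for name in SAMPLE_BOTH SAMPLE_PAM SAMPLE_ALTERNATIVE SAMPLE_DEFAULT; do
    eval "config=\$$name"
    if requires_key_and_password "$config"; then verdict="key + password required"
    else verdict="single factor accepted"; fi
    printf '%s: %s\n' "$name" "$verdict"
done
```

`SAMPLE_ALTERNATIVE` fails the check because its second list, `publickey` alone, lets a key-only login through even though the first list asks for both.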