[Gllug] ssh authentification

Richard Jones rich at annexia.org
Tue Jul 18 09:19:20 UTC 2006

On Tue, Jul 18, 2006 at 12:38:19AM +0100, Dylan wrote:
> Is it possible to configure ssh to require BOTH the public key and a
> password when accessed from outside the local network?

What's the threat you're trying to prevent here?  It sounds to me a
bit like a misguided corporate policy requiring users to use passwords
to access your network.

If the threat is that someone could steal a laptop containing a
private key and access the network, then put a passphrase on that key.
You should really do this anyway.

If the threat is that someone might try to access the network from an
unauthorised device (eg. a compromised Windoze PC in an internet cafe
or at home) using just a password, then public keys will stop that.
Unless people are clever & stupid enough to copy the private key to
the unauthorised device, but then there's no way to stop that short of
some sort of trusted computing setup.


Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list