[Gllug] ssh authentification

Benjamin Donnachie benjamin at py-soft.co.uk
Tue Jul 18 13:11:15 UTC 2006


Dylan wrote:
> Is it possible to configure ssh to require BOTH the public key and a password 
> when accessed from outside the local network?

Are you using OpenSSH?  With the match keyword patch[1] you might be
able implement something with PAM - with internal IPs only requiring
public key authentication, but all others additionally going through PAM?

Then add an appropriate module to /etc/pam.d/sshd, or maybe write your
own?  Though the module would need to work on the PAM account or session
layers as the public key would take care of authentication...  I'm not
sure this would work and it would definitely need further testing.

What are you seeking to achieve?  Perhaps some other solution with the
match keyword patch whereby internally public keys are sufficient
(whether password or not) and externally you're required to use a
password?  One time passwords for extra security?

Ben

[1] http://bugzilla.mindrot.org/show_bug.cgi?id=1180
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list