[ale] OpenSSH RequiredAuthentications2 publickey,password
Mike Harrison
cluon at geeklabs.com
Fri Dec 28 13:47:20 EST 2012
On Fri, 28 Dec 2012, David Tomaschik wrote:
> Some googling around the option name (RequiredAuthentications2) suggests that it is only in RH's patched version of OpenSSH, however a patch based on that
> should be included in OpenSSH 6.2. I look forward to that -- SSH keys are NOT 2-factor, despite what many people may say. There's no way to force someone
> to have an encrypted key, so the passphrase is not a 2nd factor. I'd like to see SSH key + pw become the standard.
Yep. Agreed. SSH key + PW should be a standard... I need to see if I can
make it happen for some debian/ubuntu systems we manage.
My worst nightmare with SSH key only is someone gets access to a
crucial physical (or virtual) box and creates havoc.
At a minumum: Geeky girlfriend/boyfriend hanging with housekeeper in
office building (a no-no, but I see it done) plays with a system left on..
At the extreme end; Intentional directed physical intrusion into an
office...
the problem with being paranoid is:
sometimes they really ARE out to get you (or your systems)
More information about the Ale
mailing list