How can I enable both password and public key authentication with OpenSSH?

Solution 1

Not presently. But there are some patches floating around that are supposed to add this.

See https://bugzilla.mindrot.org/show_bug.cgi?id=983

Solution 2

This is finally available as of OpenSSH 6.2 (released March 2013), using the AuthenticationMethods configuration option.

For instance, you may add the following line to sshd_config to require both public-key and password authentication:

AuthenticationMethods publickey,password

When logging in, ssh and scp will first perform public-key authentication, and then prompt for a password:

$ ssh [email protected]
Authenticated with partial success.
[email protected]'s password:

If you have a password on your private key file, you will of course first be prompted for that. Example using PuTTY:

Using username "user".
Authenticating with public key "rsa-key-20131221-user"
Passphrase for key "rsa-key-20131221-user":
Further authentication required
[email protected]'s password:
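
To check that a configuration really enforces both factors, here is an added example (not part of the answer above): a shell function that reads an sshd_config on stdin and succeeds only if every alternative list in the global AuthenticationMethods contains both publickey and password. The function name requires_both and the sample configs are constructed for illustration; Match blocks and quoted arguments are not evaluated.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for
# "publickey AND password" enforcement through AuthenticationMethods.

# requires_both < CONFIG -> exit status 0 only if both methods are mandatory
requires_both() {
    awk '
        # Only the global section is audited: stop at the first Match block.
        tolower($1) == "match" { exit }
        # Keywords are case-insensitive and the first value obtained is used.
        tolower($1) == "authenticationmethods" && !seen {
            seen = 1
            if (NF < 2) bad = 1
            # Each whitespace-separated field is one alternative list;
            # the commas inside a list mean "all of these, in order".
            for (i = 2; i <= NF; i++) {
                n = split($i, m, ",")
                pk = 0; pw = 0
                for (j = 1; j <= n; j++) {
                    sub(/:.*/, "", m[j])   # drop a sub-method such as :pam
                    if (m[j] == "publickey") pk = 1
                    if (m[j] == "password")  pw = 1
                }
                # "any" or a list missing one factor lets a user skip it.
                if (!(pk && pw)) bad = 1
            }
        }
        END { if (seen && !bad) exit 0; exit 1 }
    ' "$@"
}

# Constructed sample configs (not taken from a real host).
GOOD='PasswordAuthentication yes
AuthenticationMethods publickey,password'
WEAK='AuthenticationMethods publickey,password publickey'

printf '%s\n' "$GOOD" | requires_both && echo "GOOD: both factors required"
printf '%s\n' "$WEAK" | requires_both || echo "WEAK: one alternative skips the password"
```

On a live host, feed it the file the daemon actually loads, for example `requires_both < /etc/ssh/sshd_config`. Each method named in the list must also be enabled on its own (for example PasswordAuthentication yes), or logins will fail.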

Solution 3

OpenSSH in RHEL/CentOS 6.3 now supports this feature, although I can't find it mentioned in the OpenSSH release notes. From the RHEL release notes:

SSH can now be set up to require multiple ways of authentication (whereas previously SSH allowed multiple ways of authentication of which only one was required for a successful login); for example, logging in to an SSH-enabled machine requires both a passphrase and a public key to be entered. The RequiredAuthentications1 and RequiredAuthentications2 options can be configured in the /etc/ssh/sshd_config file to specify authentications that are required for a successful log in. For example:

   ~]# echo "RequiredAuthentications2 publickey,password" >> /etc/ssh/sshd_config

For more information on the aforementioned /etc/ssh/sshd_config options, refer to the sshd_config man page.

Author: surprise_, Programmer

Updated on September 17, 2022

Comments

  • surprise_ over 1 year

    I would like for sshd to verify the users' public key and then prompt for their password, rather than just one or the other. Is this possible?