[ale] OpenSSH RequiredAuthentications2 publickey,password
- Subject: [ale] OpenSSH RequiredAuthentications2 publickey,password
- From: cluon at geeklabs.com (Mike Harrison)
- Date: Fri, 28 Dec 2012 18:47:20 +0000 (UTC)
- In-reply-to: <CAOy4VzfC2X-VuBdgqxd9Spb0q7B-ZMfVYW=ksnJa+hcfWXKROA@mail.gmail.com>
- References: <CADT30qVkRACQbMKHd_YUj9ZNY-98BaR3fXPjk=WzY6YttbJ7WQ@mail.gmail.com> <[email protected]> <CAAt=rgB4-Up9NMGJ6WubzoBN+L8k_hSXOmhC40S+R8GwW5ewKg@mail.gmail.com> <[email protected]> <CAOy4Vze0R6HQ_1uAj05hxKZ1XsiUS=3H1tOORvhbNHVvrWJ8pQ@mail.gmail.com> <[email protected]> <CAOy4VzfC2X-VuBdgqxd9Spb0q7B-ZMfVYW=ksnJa+hcfWXKROA@mail.gmail.com>
On Fri, 28 Dec 2012, David Tomaschik wrote:
> Some googling around the option name (RequiredAuthentications2) suggests that it is only in RH's patched version of OpenSSH, however a patch based on that
> should be included in OpenSSH 6.2. I look forward to that -- SSH keys are NOT 2-factor, despite what many people may say. There's no way to force someone
> to have an encrypted key, so the passphrase is not a 2nd factor. I'd like to see SSH key + pw become the standard.
Yep. Agreed. SSH key + PW should be a standard... I need to see if I can
make it happen for some debian/ubuntu systems we manage.
My worst nightmare with SSH key only is someone gets access to a
crucial physical (or virtual) box and creates havoc.
At a minimum: Geeky girlfriend/boyfriend hanging with housekeeper in
office building (a no-no, but I see it done) plays with a system left on..
At the extreme end; Intentional directed physical intrusion into an
office...
the problem with being paranoid is:
sometimes they really ARE out to get you (or your systems)
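
Added example, not part of the original message: a small audit that reads sshd_config text and reports whether the server demands both a key and a password. It assumes either the Red Hat option named in this thread or `AuthenticationMethods`, the directive upstream OpenSSH shipped in 6.2; the function names and sample configs are constructed for illustration, and only the global section (before any `Match` block) is checked.

```python
# Added example: does this sshd_config force publickey AND password?
REQUIRED = {"publickey", "password"}


def first_values(config_text):
    """Map lowercased keyword -> arguments for the global section.

    sshd uses the first value it sees for a keyword, so later
    duplicates are ignored. Parsing stops at the first Match block.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        if keyword == "match":
            break
        args = parts[1].strip().lower() if len(parts) > 1 else ""
        seen.setdefault(keyword, args)
    return seen


def requires_key_and_password(config_text):
    opts = first_values(config_text)

    # Red Hat patched builds: a single comma list, every method required.
    rh = opts.get("requiredauthentications2")
    if rh is not None:
        return REQUIRED <= {m.strip() for m in rh.split(",")}

    # Upstream 6.2+: space-separated alternatives, each a comma list.
    # Completing ANY one alternative logs the user in, so every
    # alternative must contain both methods.
    am = opts.get("authenticationmethods")
    if not am or am == "any":
        return False
    return all(
        REQUIRED <= {m.split(":")[0] for m in alt.split(",")}
        for alt in am.split()
    )


# Constructed sample configs
KEY_ONLY = "PubkeyAuthentication yes\nPasswordAuthentication no\n"
RH_BOTH = "RequiredAuthentications2 publickey,password\n"
UPSTREAM_BOTH = "authenticationmethods publickey,password\n"
UPSTREAM_BYPASS = "AuthenticationMethods publickey,password publickey\n"
COMMENTED = "#AuthenticationMethods publickey,password\n"
```

`UPSTREAM_BYPASS` is the case worth checking for by hand: the second alternative lets a key alone succeed, so the combined list on the same line gives no extra protection.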