[ale] OpenSSH RequiredAuthentications2 publickey,password
- Subject: [ale] OpenSSH RequiredAuthentications2 publickey,password
- From: jdp at algoloma.com (JD)
- Date: Sat, 29 Dec 2012 10:30:33 -0500
- In-reply-to: <CAEo=5PxjVQgqJOwveOrSLbv2gNZ89ad_JCaU4c-3k1OSGpcOSA@mail.gmail.com>
- References: <CADT30qVkRACQbMKHd_YUj9ZNY-98BaR3fXPjk=WzY6YttbJ7WQ@mail.gmail.com> <[email protected]> <CAAt=rgB4-Up9NMGJ6WubzoBN+L8k_hSXOmhC40S+R8GwW5ewKg@mail.gmail.com> <[email protected]> <CAOy4Vze0R6HQ_1uAj05hxKZ1XsiUS=3H1tOORvhbNHVvrWJ8pQ@mail.gmail.com> <[email protected]> <CAOy4VzfC2X-VuBdgqxd9Spb0q7B-ZMfVYW=ksnJa+hcfWXKROA@mail.gmail.com> <CAEo=5PwFU7v+_5EiaCWmQEWq9GF4NYW_=KA1VEDTw3AGPEeJvQ@mail.gmail.com> <CAOy4Vzc_WTc-5ShdOu9oxN3ssot-8Lr8e5YfZ-PwsWaVJWYBVw@mail.gmail.com> <CAEo=5PxjVQgqJOwveOrSLbv2gNZ89ad_JCaU4c-3k1OSGpcOSA@mail.gmail.com>
Anyone using the "Match" config setting in their sshd_config files to specify
other keywords like AllowTcpForwarding, ChrootDirectory, ForceCommand,
KerberosAuthentication?
Every time I re-read the sshd_config man page, some new tidbit gets illuminated.
On 12/29/2012 09:56 AM, Jim Kinney wrote:
> On Sat, Dec 29, 2012 at 2:21 AM, David Tomaschik
> <david at systemoverlord.com> wrote:
>> On Fri, Dec 28, 2012 at 4:11 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>>>
>>> In days past I looked at generating a script that runs ssh-add on user
>>> keys. Any keys that add to ssh-agent without password request will get
>>> edited to include a '!' as the first character of the key. An email is
>>> generated that informs the (l)user of the security requirements and
>>> what was changed. Second offense deletes the key.
>>
>>
>> While that sounds great, it assumes you have control over the client
>> machine. That's not a valid assumption in a lot of cases.
>
> True. As the remote end was under my control, I could require
> connections from known users in a controlled environment.
>
> Maybe the ssh connection protocol needs a flag on key use that
> indicates whether the key uses a secondary auth method, password, CAC
> card, etc.
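As an added example (not code from this thread, from ALE or from OpenSSH), here is an sshd_config built around Match blocks for the keywords asked about above, together with the check a practitioner wants when using them: `sshd -T -C user=...,host=...,addr=...` dumps the effective configuration for one specific connection, which is the only reliable way to see which Match block a given user or client address really lands in (plain `sshd -T` shows the global section only). The group sftponly, the user deploy, the wrapper path /usr/local/bin/deploy-wrapper and the 10.0.0.0/8 range are hypothetical. For clients outside that range the example uses AuthenticationMethods, the keyword upstream OpenSSH added in 6.2 for the same requirement the subject line spells as RequiredAuthentications2 publickey,password.

```shell
#!/bin/sh
# Added example for this thread (not code from the list or from OpenSSH): an
# sshd_config that uses Match blocks, plus the sshd -T -C check that shows
# which block a given connection actually lands in. Group sftponly, user
# deploy, /usr/local/bin/deploy-wrapper and 10.0.0.0/8 are hypothetical.
set -eu

# Write the config to $1. $2 is the HostKey path: sshd -T refuses to run
# without a loadable host key, so the check below points it at a throwaway one.
write_sshd_config() {
    cat > "$1" <<EOF
# Global section: the most restrictive settings; Match blocks relax per case.
# If a keyword appears in several Match blocks that are all satisfied, only
# the first instance is applied, so order the blocks from specific to general.
HostKey $2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
Subsystem sftp internal-sftp

# Group sftponly: chrooted SFTP and nothing else. The chroot directory (here
# the home directory) must be owned by root and not writable by group or
# others, or sshd rejects the login after authentication. Forwarding is
# switched off again here so the block stays safe if the global defaults are
# ever relaxed.
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

# Deploy account: every command is replaced by a wrapper, which should check
# SSH_ORIGINAL_COMMAND and refuse anything it does not expect.
Match User deploy
    ForceCommand /usr/local/bin/deploy-wrapper
    PasswordAuthentication no
    AllowAgentForwarding no

# Clients outside 10.0.0.0/8 must present a key AND a password. A negated
# address pattern never matches on its own, hence the trailing "*".
Match Address !10.0.0.0/8,*
    PasswordAuthentication yes
    AuthenticationMethods publickey,password
EOF
}

# Number of Match blocks the file declares (cheap sanity check, needs no sshd).
count_match_blocks() {
    grep -c '^Match ' "$1"
}

# The live check needs sshd (for -T) and ssh-keygen (for the throwaway host
# key); it is skipped when either is missing from PATH.
can_dump_config() {
    command -v sshd >/dev/null 2>&1 && command -v ssh-keygen >/dev/null 2>&1
}

# Print the effective value of keyword $3 (lowercase, as sshd -T prints it)
# for a connection from user $4 at address $5, using config $1 and host key $2.
# -C supplies the connection the Match lines are evaluated against; a user,
# host and address are all given because a config with "Match Group" makes
# sshd -T fail if no user is specified.
effective_option() {
    [ -f "$2" ] || ssh-keygen -q -t ed25519 -N '' -f "$2" >/dev/null
    sshd -T -f "$1" -C "user=$4,host=localhost,addr=$5" \
        | awk -v k="$3" '$1 == k { print $2; exit }'
}

# Demo: write the config to a temp dir; if sshd is installed, show the
# effective AuthenticationMethods for an internal and an external client.
demo_dir=$(mktemp -d)
write_sshd_config "$demo_dir/sshd_config" "$demo_dir/hostkey"
echo "Match blocks declared: $(count_match_blocks "$demo_dir/sshd_config")"
if can_dump_config; then
    me=$(id -un)
    for addr in 10.20.30.40 203.0.113.5; do
        methods=$(effective_option "$demo_dir/sshd_config" "$demo_dir/hostkey" \
            authenticationmethods "$me" "$addr")
        echo "client $addr: authenticationmethods $methods"
    done
fi
```

Run it on the host where the config will be deployed, since Match Group is resolved against that host's group database: an internal client should report `authenticationmethods any` (the global default, untouched by any block) and an external one `publickey,password`. Checking `forcecommand` for `user=deploy` the same way confirms the wrapper applies before the config goes live.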