bugzilla-daemon at mindrot.org
2014-Dec-03 11:37 UTC
[Bug 2323] New: Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323 Bug ID: 2323 Summary: Two factor authentication with two different SSH keys Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: slavik.dan12 at gmail.com Hello, I would like to raise an enhacement request to OpenSSH. I need users to authenticate with two factors, both of them being different SSH keys. In current OpenSSH 6.2+ configuration this is done be setting AuthenticationMethods property to ?publickey,publickey? in sshd_config file. But the problem is that SSH Daemon does not check that different key was used as first and second factor. In other words, same key can be used twice. Thank You. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-11 03:50 UTC
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Status|NEW |ASSIGNED Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- Created attachment 2516 --> https://bugzilla.mindrot.org/attachment.cgi?id=2516&action=edit Require multiple publickey entries in AuthenticationMethods use different keys Thanks for reminding me to do this - I've been planning it for a while. Here's a patch that implements it for -current. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-11 03:51 UTC
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2266 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-22 08:47 UTC
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|ASSIGNED |RESOLVED --- Comment #2 from Damien Miller <djm at mindrot.org> --- Patch applied. This will be in openssh-6.8 - thanks! -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Mar-18 07:16 UTC
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org> --- openssh-6.8 is released -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- [Bug 2398] New: AuthenticationMethods doesn't have default value (inconsistency) and it accept empty value
- [Bug 2663] New: [man] sshd_config(5) AuthenticationMethods segment clarification, proposal and questions
- chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
- [PATCH] U2F support in OpenSSH
- [Bug 983] Required authentication