bugzilla-daemon at mindrot.org
2014-Dec-03 11:37 UTC
[Bug 2323] New: Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323
Bug ID: 2323
Summary: Two factor authentication with two different SSH keys
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: slavik.dan12 at gmail.com
Hello, I would like to raise an enhacement request to OpenSSH. I need
users to authenticate with two factors, both of them being different
SSH keys. In current OpenSSH 6.2+ configuration this is done be setting
AuthenticationMethods property to ?publickey,publickey? in sshd_config
file. But the problem is that SSH Daemon does not check that different
key was used as first and second factor. In other words, same key can
be used twice. Thank You.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-11 03:50 UTC
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |ASSIGNED
Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2516
--> https://bugzilla.mindrot.org/attachment.cgi?id=2516&action=edit
Require multiple publickey entries in AuthenticationMethods use
different keys
Thanks for reminding me to do this - I've been planning it for a while.
Here's a patch that implements it for -current.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-11 03:51 UTC
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2266
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Dec-22 08:47 UTC
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Patch applied. This will be in openssh-6.8 - thanks!
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Mar-18 07:16 UTC
[Bug 2323] Two factor authentication with two different SSH keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2323
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
openssh-6.8 is released
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Reasonably Related Threads
- [Bug 2398] New: AuthenticationMethods doesn't have default value (inconsistency) and it accept empty value
- [Bug 2663] New: [man] sshd_config(5) AuthenticationMethods segment clarification, proposal and questions
- chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
- [PATCH] U2F support in OpenSSH
- [Bug 983] Required authentication