Displaying 20 results from an estimated 77 matches for "authenticationmethod".
Did you mean:
authenticationmethods
2017 Jan 09
2
[Bug 2663] New: [man] sshd_config(5) AuthenticationMethods segment clarification, proposal and questions
https://bugzilla.mindrot.org/show_bug.cgi?id=2663
Bug ID: 2663
Summary: [man] sshd_config(5) AuthenticationMethods segment
clarification, proposal and questions
Product: Portable OpenSSH
Version: 7.2p2
Hardware: Other
OS: Linux
Status: NEW
Keywords: low-hanging-fruit
Severity: enhancement
Priority: P5...
2014 Jun 19
1
AuthenticationMethods in sshd_config accepting empty method list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi everyone,
I just came across a contradiction between the man page of AuthenticationMethods and the accepted
methods list.
According to the sshd_config manual page:
"""
AuthenticationMethods
Specifies the authentication methods that must be successfully completed for a user to be granted
access. This option must be followed by one or more comma-separated lists of authent...
2024 Jan 18
2
[Bug 3657] New: AuthenticationMethods any apparently not possible after previous non-any assignment
https://bugzilla.mindrot.org/show_bug.cgi?id=3657
Bug ID: 3657
Summary: AuthenticationMethods any apparently not possible
after previous non-any assignment
Product: Portable OpenSSH
Version: 8.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ss...
2015 May 13
11
[Bug 2398] New: AuthenticationMethods doesn't have default value (inconsistency) and it accept empty value
https://bugzilla.mindrot.org/show_bug.cgi?id=2398
Bug ID: 2398
Summary: AuthenticationMethods doesn't have default value
(inconsistency) and it accept empty value
Product: Portable OpenSSH
Version: 6.8p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Co...
2014 Sep 04
3
[Bug 2270] New: AuthenticationMethods - partial success is considered as failure
https://bugzilla.mindrot.org/show_bug.cgi?id=2270
Bug ID: 2270
Summary: AuthenticationMethods - partial success is considered
as failure
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: u...
2015 Nov 19
4
[Bug 2502] New: using AuthenticationMethods to require s/key and pam doesn't work
https://bugzilla.mindrot.org/show_bug.cgi?id=2502
Bug ID: 2502
Summary: using AuthenticationMethods to require s/key and pam
doesn't work
Product: Portable OpenSSH
Version: 7.1p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: un...
2016 Jul 22
3
Multifactor authentication troubles
I'm writing a PAM module to do authentication through Signal (as in Open
Whisper Systems) [1]. I would like to be able to offer
(Public key AND Signal) or (Password AND Signal)
for authentication. This suggests setting AuthenticationMethods to
publickey,keyboard-interactive:pam password,keyboard-interactive:pam
However, when PAM is enabled "password" means "show password prompt,
then do PAM", which is a problem because my PAM does Signal auth, not
password auth, and the above results in all login attempts failin...
2015 Aug 25
19
[Bug 2453] New: Document authentication method "none" for AuthenticationMethods
https://bugzilla.mindrot.org/show_bug.cgi?id=2453
Bug ID: 2453
Summary: Document authentication method "none" for
AuthenticationMethods
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter:...
2019 Jun 25
4
Requiring certificate signature and an authorized key to authenticate
...the user has a key that has been signed by a trusted user CA *and* is listed separately as an authorised key (or the user has a signed key and a different authorised key)?
The closest I've come is having an `authorized_keys` file have two entries consisting of the CA key and a normal key with `AuthenticationMethods: publickey,publickey` option set, so that sshd requires that a user produces both the normal key and a signed key. This works, but means a user can't then have multiple keys (e.g. one per device), and feels somewhat brittle in that adding a key to that file breaks the requirement that the user...
2012 Nov 22
1
AuthenticationMethods option.
Hi.
I can see that SSH partial success functionality was implemented very
recently in the OpenSSH server. That's great news.
I just tried it and I don't seem to be able to make it work with both
public key authentication and password authentication through PAM.
I wonder if this is a bug or something that won't be implemented for now
or if this is still WIP and I should be more
2020 Jun 03
7
Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source
I don't see a way to do this currently (unless I am missing something)
but I would like to be able to specify, that in order for a user to
login, they need to use at least 1 public key from 2 separate key
sources.? Specifically this would be when using "AuthenticationMethods
publickey,publickey".? Right now requiring 2 public keys for
authentication will allow 2 public keys from any authorized key source
specified without distinction.? I would like a way to say, require 1 key
from source A and 1 key from source B.
Like if there was a way to specify something...
2014 Dec 18
3
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
...yes
>> + KbdInteractiveAuthentication yes
>> ...
>>
>> and restart the daemon
>
> You've missed the crucial part to require multiple authentication
> methods succeed before the user is considered authenticated:
>
> AuthenticationMethods publickey,keyboard-interactive
>
Ahh... I wasn't even aware of that option.
Robert Pendell
shinji at elite-systems.org
A perfect world is one of chaos.
2012 Nov 01
5
[Bug 983] Required authentication
...|djm at mindrot.org
--- Comment #58 from Damien Miller <djm at mindrot.org> ---
Created attachment 2192
--> https://bugzilla.mindrot.org/attachment.cgi?id=2192&action=edit
new multiple required authentication methods patch
Here's a patch I'm working on. It adds an AuthenticationMethods option
that lists the possible paths to successful authentication. E.g.
AuthenticationMethods publickey,password gssapi-with-mic,password
publickey,keyboard-interactive
When attempting to authenticate, only methods that are at the start of
one of the paths listed will be offered. Each successful...
2013 May 13
3
[PATCH] Specify PAM Service name in sshd_config
Hello All,
The attached patch allows openssh to specify which pam service name to
authenticate users against by specifying the PAMServiceName attribute in
the sshd_config file. Because the parameter can be included in the Match
directive sections, it allows different authentication based on the Match
directive. In our case, we use it to allow different levels of
authentication based on the
2014 Dec 24
2
[PATCH] U2F support in OpenSSH
...f key
format.
The new u2f authentication mechanism can operate in two modes, specified
by the client with the U2FMode option: registration (necessary once per
U2F security key) or authentication (the default).
Since U2F is a two-factor authentication mechanism, you should never use
it as the sole AuthenticationMethod. Therefore, whenever you enable
U2FAuthentication, please also set AuthenticationMethods on the server.
As an example, add the following to your sshd_config:
U2FAuthentication yes
AuthenticationMethods publickey,u2f
(This assumes that you always enter your passphrase for the pubkey,
otherwis...
2020 Jul 26
2
Automatic FIDO2 key negotiation (request for comments)
On Tue, 2020-07-21 at 14:47 +1000, Damien Miller wrote:
> On Mon, 20 Jul 2020, Jordan J wrote:
[...]
> > Firstly, would the following or some combination thereof be
> > possible or is there an obvious impediment. Secondly, if it proved
> > possible are the maintainers open to a patch providing it?
> >
> > 1. Update the SSH ecdsa-sk public key type to contain the
2015 May 12
22
[Bug 2397] New: Match block doesn't match negated addresses
...we got some report about sshd_config documentation and
behaviour in corner cases. One of the problems found during the
analysis was that when using Match blocks, we are unable to match
negated addresses.
In this example, the block is *never* matched:
[root at r6 ~]# tail -n 3 /etc/ssh/sshd_config
AuthenticationMethods password
Match Address !1.2.3.4
AuthenticationMethods publickey,password
[root at r6 build]# sshd -TC user=none,host=myhost,addr=1.2.3.4 | grep
authenticationmethods
authenticationmethods password
[root at r6 build]# sshd -TC user=none,host=myhost,addr=1.2.3.5 | grep
authenticationmethods
aut...
2016 Feb 18
2
Let PAM know about accepted pubkey?
Hi,
first of: my familiarity with OpenSSH/Pam code-base is very limited..
Please excuse me if some of this does not make any sense or seems stupid!
I'm investigating if it is possible for a PAM module to find out which
public key was accepted (when 'AuthenticationMethods
publickey,keyboard-interactive' is used). From my digging in the source,
it seems it is currently not.
Would it be possible to provide this information? Maybe using
do_pam_putenv()? Would there be any security implications of doing this?
The reason I'm asking is that I'm looking i...
2020 Oct 23
3
"Semi-Trusted" SSH-Keys that also require PAM login
...idea was to use SSH keys but to also require the server's PAM login for these "semi-trusted" keys. But of course,
>> I want to trust the keys on my own laptop and desktop without an additional PAM password. Therefore, I cannot simply use
>> something like
>>
>> AuthenticationMethods publickey,password
>
> Since the main difference here is how much you trust the originating host,
> you might want to consider setting up host-based authentication for those
> hosts and using a config like:
>
> AuthenticationMethods publickey,password publickey,hostbased
>...
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
...yes
PubkeyAuthentication yes
+ PubkeyAuthentication no
PasswordAuthentication no
...
EnableSSHKeysign yes (note: this had already been 'in there' --- just further down in the config)
...
server sshd_config
...
- AuthenticationMethods hostbased,publickey
+ AuthenticationMethods hostbased
HostbasedAuthentication yes
- HostbasedUsesNameFromPacketOnly yes
+ #HostbasedUsesNameFromPacketOnly yes
- PubkeyAuthentication yes
+ PubkeyAuthentication no
Passwo...