Authentication type per user



Hi, using OpenSSH 4.5, protocol 2.0 on Intel platform Linux 2.6.X

What I want to do is have per-user authentication types. The system default
is to do public key authentication, however, some users don't understand the
concept of carrying around a private key or creating one, so I would like
those users to use password authentication. Unfortunately, after using a
"match user" in my sshd_config, I was not allowed to add
"PasswordAuthentication yes". Anyone know how to overcome this?

As for my second issue for today, I was wondering how one might do the
following: publickey authentication followed by password authentication. I
have enabled both in my sshd_config, but it seems that only one is used to
authenticate at a time, as though a user can choose what to use. I want it
so both are required to get in, so the login screen might look like so:

login as: dude
Authenticating with public key "James_Stickland"
Passphrase for key "James_Stickland":
Password:
Last login: .........
shell#

I was able to do such a thing with various commercial SSH daemons. Thanks
for any help.
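
The two setups asked about above, as an added sshd_config sketch that is not part of the original post. It assumes a newer OpenSSH than the 4.5 mentioned in the post: the AuthenticationMethods keyword was added in OpenSSH 6.2, and later releases accept PasswordAuthentication inside a Match block. The user name "alice" is constructed; "dude" is taken from the login example in the post.

```conf
# /etc/ssh/sshd_config (added example; assumes OpenSSH 6.2 or later)

# System default: public key only, no passwords.
PubkeyAuthentication yes
PasswordAuthentication no

# Issue 1: per-user exception. "alice" (constructed name) may log in
# with a password; everyone else keeps the key-only default.
Match User alice
    PasswordAuthentication yes

# Issue 2: require BOTH factors for "dude". The comma means "and":
# the public key must succeed first, then the password is requested.
# PasswordAuthentication has to be enabled here as well, otherwise the
# second method in the list can never be completed.
Match User dude
    PasswordAuthentication yes
    AuthenticationMethods publickey,password

# Match blocks run to the next Match line or end of file, so keep all
# global settings above the first Match.
```

Running `sshd -t` checks the file for syntax errors before a restart, and `sshd -T -C user=dude` prints the effective settings for that user.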


