Requiring multiple authentication



A while back (March) I was sent the below reply, which contained references to
patches to OpenSSH 4.7p1 that require multiple authentication. Are there any
similar patches to 4.8 and/or 5.1? And is there any chance of something
similar making it into the standard OpenSSH distribution? The first of these
patches saved me much grief when dealing with PCI-DSS (Payment Card Industry
Data Security Standards).

Thanks!

Jeff Simmons wrote:
While doing a bit of research, I've found some historic attempts to require
multiple authentication in sshd (i.e. both public/private key and
login/password). Is there any way to get this working in the current ssh
distribution, specifically in up to date stable OpenBSD?

Thanks for any assistance, even a no, we don't do that.

https://bugzilla.mindrot.org/show_bug.cgi?id=983 forces you to use both
public key and password authentication.

https://bugzilla.mindrot.org/show_bug.cgi?id=1435 allows you to specify
2 or more methods.

The patches are made against portable 4.7p1 but I imagine should be
relatively easy to adapt to openBSD.

--
Jeff Simmons jsimmons@xxxxxxxxxxxxxxx
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise. Are you sure you're doing it right?"
-- My Life With The Thrill Kill Kult



Relevant Pages

  • hostbased: key xxxx is disallowed - why?
    ... I'm trying to use hostbased authentication between two Suse 8.0/8.1 ... machines with OpenSSH (OpenSSH_3.4p1, patched with all Suse security ... patches). ...
    (comp.security.ssh)
  • Re: [Full-disclosure] [Rumor] SSH (non)0-day
    ... released the patches for a security issue that was not yet in the wild then ... I am worried that if it is an OpenSSH 0day how much damage should I expect. ... Get started using Google Reader to easily keep up with all your favorite ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: updates and version numbers
    ... 4.9-RELEASE + security patches. ... It is quite possible that OpenSSH 3.7.x will be imported to 4-STABLE, ... If there are any security problems ... The last OpenSSH security advisory was ...
    (freebsd-stable)
  • Re: GSSAPI Key Exchange in sshd?
    ... Kevin Way wrote: ... FreeBSD from adding RFC 4462 (GSSAPI Key Exchange) support to sshd. ... The author of those patches has offered to allow integration of the patches into the openssh source distribution, so I don't think licensing would be an issue. ...
    (freebsd-hackers)
  • Re: GSSAPI Key Exchange in sshd?
    ... Kevin Way wrote: ... FreeBSD from adding RFC 4462 (GSSAPI Key Exchange) support to sshd. ... The author of those patches has offered to allow integration of the patches into the openssh source distribution, so I don't think licensing would be an issue. ...
    (FreeBSD-Security)