Re: Requiring Dual Factor Authentication / Multiple Authentication



On Wed, 22 Apr 2009 15:02:27 -0500, Ryan Kish <rpkish@xxxxxxxxx> wrote:

Hello List.

I am currently trying to determine how I can implement two factor
authentication for some servers that sit on border networks. Ideally,
a user would be required to use an rsa/dsa key & their system login
password to gain access. This way, they are using something they have
(rsa/dsa key) and something they know (password). It would allow me
enforce complex passwords as well as expiration time on the server
side.

Searching for previous posts on this subject has not been easy, but I
did come across a thread from 2006:
http://marc.info/?t=114928353600001&r=1&w=2

At that time, it looks like OpenSSH did not have the capabilities to
enforce multiple authentication. Has this changed? Are there other
ideas on how I could enforce password complexity and still utilize
rsa/dsa keys?

Thanks for your time,
Ryan


Are you looking for rsa/dsa key only access and then trusting that they have passphrases protecting them? Or, are you looking for something along the lines of integrating RSA SecurID with OpenSSH?

-MN



Relevant Pages