Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Apr 2007
How to enable passphrase for access via ssh
How can I enable passphrase along with the password for login via ssh ? In that whenever I login from server A to server B via ssh, it should ask me for a password and then passphrase to allow me access.
Can we have multiple passwords to login via ssh ?
My basic need is to have 2 levels of password.
After some searching, this was found:
As of now, you cannot have a Two Factor authentication with 1) Public key and 2) password.
PAM and pubkey auth are (as of now) mutually exclusive.
Here is the bug ticket:
It may be up to your character, if you are happy about the latest activity and comments
or disapointed by the fact, that the ticket was created in 2005 :P
However, if you don't need pubkeys or create a block of users w/o pubkeys via the match directive, then you can stack multiple pam auth modules.
Additionally to pam_unix, this here might work for you:
google-authenticator - Two-step verification - Google Project Hosting
But there are also other pam modules.
Seems like a fun project, I would appreciate, if you could report your progressYou must always face the curtain with a bow.
What I do is create an ssh key with a passphrase.
Then copy the .pub key to the device I want to use keys with.
This allows me to use ssh keys and still be secure
The adventure of a life time.
Linux User #296285
that is a slightly different story that works easily
to create ssh key with passphrase:
the passphrase option is chosen and passphrase created when you initially create your serverkey
whether it is possible to add a passphrase to an existing ssh key ...
may be that helps and works for you
SSL/TLS Strong Encryption: FAQ - Apache HTTP Server
To add a passphrase to the key, you should run the following command, and enter & verify the passphrase as requested.
$ openssl rsa -des3 -in server.key -out server.key.new
$ mv server.key.new server.key
make sure to understand that a serverkey with password protection never could be used for any automated connection as it always would require the manual input and most likely within a time frame.