Bug 2323

Summary: Two factor authentication with two different SSH keys
Product: Portable OpenSSH Reporter: Daniel Slavík <slavik.dan12>
Component: sshdAssignee: Damien Miller <djm>
Status: CLOSED FIXED    
Severity: enhancement CC: djm
Priority: P5    
Version: 6.7p1   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 2266    
Attachments:
Description Flags
Require multiple publickey entries in AuthenticationMethods use different keys none

Description Daniel Slavík 2014-12-03 22:37:33 AEDT 
Hello, I would like to raise an enhacement request to OpenSSH. I need users to authenticate with two factors, both of them being different SSH keys. In current OpenSSH 6.2+ configuration this is done be setting AuthenticationMethods property to „publickey,publickey“ in sshd_config file. But the problem is that SSH Daemon does not check that different key was used as first and second factor. In other words, same key can be used twice. Thank You.
Comment 1 Damien Miller 2014-12-11 14:50:55 AEDT 
Created attachment 2516 [details]
Require multiple publickey entries in AuthenticationMethods use different keys

Thanks for reminding me to do this - I've been planning it for a while. Here's a patch that implements it for -current.
Comment 2 Damien Miller 2014-12-22 19:47:31 AEDT 
Patch applied. This will be in openssh-6.8 - thanks!
Comment 3 Damien Miller 2015-03-18 18:16:57 AEDT 
openssh-6.8 is released