Bug 2323 - Two factor authentication with two different SSH keys
Summary: Two factor authentication with two different SSH keys
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 6.7p1
Hardware: All All
: P5 enhancement
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks: V_6_8
  Show dependency treegraph
 
Reported: 2014-12-03 22:37 AEDT by Daniel Slavík
Modified: 2015-03-18 18:16 AEDT (History)
1 user (show)

See Also:

Attachments
Require multiple publickey entries in AuthenticationMethods use different keys (8.37 KB, patch)
2014-12-11 14:50 AEDT, Damien Miller 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Slavík 2014-12-03 22:37:33 AEDT 
Hello, I would like to raise an enhacement request to OpenSSH. I need users to authenticate with two factors, both of them being different SSH keys. In current OpenSSH 6.2+ configuration this is done be setting AuthenticationMethods property to „publickey,publickey“ in sshd_config file. But the problem is that SSH Daemon does not check that different key was used as first and second factor. In other words, same key can be used twice. Thank You.
Comment 1 Damien Miller 2014-12-11 14:50:55 AEDT 
Created attachment 2516 [details]
Require multiple publickey entries in AuthenticationMethods use different keys

Thanks for reminding me to do this - I've been planning it for a while. Here's a patch that implements it for -current.
Comment 2 Damien Miller 2014-12-22 19:47:31 AEDT 
Patch applied. This will be in openssh-6.8 - thanks!
Comment 3 Damien Miller 2015-03-18 18:16:57 AEDT 
openssh-6.8 is released