2011/6/10 Les Mikesell <lesmikesell@xxxxxxxxx>:
> On 6/10/2011 3:35 AM, Ljubomir Ljubojevic wrote:
>> Robert Spangler wrote:
>>> On Thursday 09 June 2011 17:34, the following was written:
>>>
>>>> How to configure sshd to required both ssh public key and user
>>>> password also? yes, stupid, but required on my setup..
>>>
>>> Have you thought about securing your ssh keys with a pasword? I do that here
>>> so if someone would happen to get a hold of my keys they still could not use
>>> them. I am guessing that is why you are looking for both keys and passwords.
>>>
>>>
>> Not really. My view is so he can authenticate from his own PC without
>> the need to type the password, but if he is on someone else's system he
>> whould use regular password. That is what I would like to be able to do.
>
> That's just normal behavior when both are enabled. If the key works,
> you don't get the password prompt. But even in the 'ultrasecure'
> scenario of requiring both, do you really want people typing their
> passwords on equipment that might have a keylogger running?
Yes, because of compliancy requirements. ssh public key does not
support expiring public keys. (maybe you can use cron job to delete too
old public keys from server?)
--
Eero
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
