There has been some good discussion around our IBM security team as to what actually constitutes SSH multi factor authentication.

There are 2 options being discussed.

One, the Google Authenticator (OTP authentication).
Two, Public/Private key authentication (pubkeyauthentication = yes) which supports pass phrase private key authentication.

Which of these is considered multi-factor authentication and can you give a brief response? There are different opinions here and your opinion is greatly appreciated.

Sincerely,

Bruce F. Bading
Senior Security Consultant
IBM Systems and Technology Group
830-237-6851
badingb@xxxxxxxxxx
member ISACA since 1985

"United We Stand"

For those with risk, your time to remediate is today.
For those who have been breached, your time to remediate was yesterday!

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev