On Sun, 3 Jul 2016, Stephen Harris wrote:

> On Sun, Jul 03, 2016 at 09:19:43PM -0500, Bruce F Bading wrote:
> > One, the Google Authenticator (OTP authentication).
>
> On its own, this is not 2FA. It's single factor ("something you
> have").
>
> A combination of Google Authenticator _and_ password is 2FA. This is
> easy to do with PAM.

Agreed

> > Two, Public/Private key authentication (pubkeyauthentication = yes) which
> > supports pass phrase private key authentication.
>
> This is 2FA in that you need the private key and the passphrase for it.

I don't agree - being able to unlock a private key is just part of
"possessing" it.

OTOH publickey+password authentication could be considered 2FA. Ideally
with the key rendered practically uncloneable by holding it on a token,
etc.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
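
One way to check an sshd configuration against the distinction drawn in this thread, as an added example that is not part of the original message or of OpenSSH: it reads `AuthenticationMethods` lines and reports whether each allowed method list combines a possession factor with a knowledge factor. The factor mapping, the verdict names and the sample configuration are assumptions of this sketch, and `Match` blocks are not interpreted.

```python
# Added example: classify each AuthenticationMethods list by factor class.
# The mapping follows the thread's reasoning and is an assumption of this
# sketch; sshd itself reports nothing about factor classes.
FACTOR = {
    "publickey": "possession",      # key passphrase is invisible to the server
    "password": "knowledge",
    "keyboard-interactive": "pam",  # OTP, password or both: the PAM stack decides
}


def classify(method_list):
    """Return a verdict for one comma-separated list of required methods."""
    classes = set()
    for method in method_list.split(","):
        name = method.split(":", 1)[0].strip().lower()  # drop ":pam" submethod
        classes.add(FACTOR.get(name, "other"))
    if {"possession", "knowledge"} <= classes:
        return "two-factor"
    if "pam" in classes:
        return "depends-on-pam"
    return "single-factor"


def audit(config_text):
    """Map every list found on AuthenticationMethods lines to its verdict."""
    results = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "authenticationmethods":
            # A user passes by completing all methods of any ONE list.
            for method_list in parts[1:]:
                results[method_list] = classify(method_list)
    return results


# Constructed sample configuration (not from the thread).
SAMPLE = """\
PubkeyAuthentication yes
# weakest list wins: the bare "publickey" entry undoes the other two
AuthenticationMethods publickey,password publickey,keyboard-interactive:pam publickey
"""

if __name__ == "__main__":
    for methods, verdict in audit(SAMPLE).items():
        print(f"{methods:40} {verdict}")
```

Because a user only has to complete one of the space-separated lists, the effective policy is that of the weakest list reported.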