Peter,
On 2020-06-03 12:14, Peter Stuge wrote:
mailto428496 wrote:
We would like to associate two different types of public keys
with each user's account. One would be a "client machine" public key
(of which there could be several, if the user is allowed to login from
multiple systems) and the other would be a public key from a user token,
such as a smartcard (we don't want 2 "client machine" public keys to be
able to be combined to bypass the user's token login).
..
some magic way to do this that I am missing ;-)
Couldn't you use hostbased authentication for client machines and
publickey for users?
That had occurred to me, but in our case users sometimes connect from
shared systems that are outside of our direct control and we would like
to control pubkey client access on a per user basis rather than per machine.
Thanks,
Jim
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev