On Wed, 3 Jun 2020, mailto428496 wrote: > I don't see a way to do this currently (unless I am missing something) > but I would like to be able to specify, that in order for a user to > login, they need to use at least 1 public key from 2 separate key > sources. Specifically this would be when using "AuthenticationMethods > publickey,publickey". Right now requiring 2 public keys for > authentication will allow 2 public keys from any authorized key source > specified without distinction. I would like a way to say, require 1 key > from source A and 1 key from source B. > > Like if there was a way to specify something like this for example: > > AuthenticationMethods publickey[1],publickey[2] > > AuthorizedKeysCommand[1] <source_a_command_script> > > AuthorizedKeysCommand[2] <source_b_command_script> > > and the same for AuthorizedKeysFile (for our needs multiple commands > would be fine, but might as well support it for both) There's no way to do this at present. If we can figure out a good syntax for expressing it, then we could add it (a few people have asked for similar things before). -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
