Re: "Semi-Trusted" SSH-Keys that also require PAM login

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 22/10/2020 00:12, Jan Bergner wrote:
TL;DR: Let us rephrase the question to "How can I require an additional layer of authentication for certain SSH keys, but not for all of them?"
Would it be sufficient to have an additional layer of authentication when the client connects from address X, but not address Y?  That is, you are allowed to skip 2FA when connecting from a trusted IP address? 

AuthenticationMethods publickey,password

Match Address 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
AuthenticationMethods publickey


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux