On 2021/08/21 20:19, matthewhtb@xxxxxxxxxxxxx wrote: > Hello, > > I hope my question is apt for this list. > > I am using OpenSSH_8.2p1 on Ubuntu 20.04. > > I connect to a remote SSH server with the -i /path/to/file identity file > option. My local machine asks me for a password for the identity file. > This is because I created a password when using ssh-keygen. > > However, after I exit from the SSH server, and log back in I am not asked > for a password. Some kind of caching is happening. > > Is there a way to force the password to be asked on every occasion when > using an identity file? > > I have searched but it looks as if everyone wants to avoid using > passwords, not deliberately attempting to use them. Other replies have looked at this from the client side and agent caching, but you can also require on the server that a password *as well as* a public key is offered. That also guards against users who did not use a password/passphrase to protect their key. See sshd_config(5): AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be followed by one or more lists of comma-separated authentication method names, or by the single string any to indicate the default behaviour of accepting any single authentication method. If the default is overridden, then successful authentication requires completion of every method in at least one of these lists. For example, "publickey,password publickey,keyboard-interactive" would require the user to complete public key authentication, followed by either password or keyboard interactive authentication. Only methods that are next in one or more lists are offered at each stage, so for this example it would not be possible to attempt password or keyboard-interactive authentication before public key. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev