On 23.08.21 12:18, Stuart Henderson wrote:
> Other replies have looked at this from the client side and agent caching,
> but you can also require on the server that a password *as well as* a
> public key is offered. That also guards against users who did not use
> a password/passphrase to protect their key.

Or [ fail to use | use a reimplementation that lacks ] the "-c" and "-t" options of ssh-add.

However, I seem to remember that at some point (one or two years ago?), there was an announcement that in future versions of OpenSSH, the server side may get *told* whether the auth was done with or without *human* interaction on the client side (i.e., when talking about user keypair auth, passphrase entered vs. straight out of some agent) and could reject a non-interactive attempt, which would satisfy the OP's need.

Any news of that, or am I misremembering?

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
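The server-side requirement quoted above (a password as well as a public key) can be expressed with sshd_config's `AuthenticationMethods` directive. The check below is an added example, not part of the original thread or of OpenSSH: the sample config and function names are constructed, and taking the first value per scope is a simplification of how sshd resolves Match blocks.

```python
import re

# Constructed sample sshd_config (not from the mailing list post).
SAMPLE_CONFIG = """\
# global default: key first, then password
PubkeyAuthentication yes
AuthenticationMethods publickey,password

Match User backup
    AuthenticationMethods publickey

Match Group admins
    AuthenticationMethods publickey,password publickey
"""

REQUIRED = {"publickey", "password"}


def parse_auth_methods(config_text):
    """Return {scope: [method lists]}; scope is "global" or a Match line."""
    scopes = {}
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and arguments are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        args = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            scope = "Match " + args
        elif keyword == "authenticationmethods" and scope not in scopes:
            # Space-separated lists are alternatives; every comma-separated
            # method in one list must succeed. Drop ":device" suffixes.
            scopes[scope] = [[m.split(":", 1)[0] for m in lst.split(",")]
                             for lst in args.split()]
    return scopes


def weak_scopes(config_text):
    """Scopes where some accepted list lacks publickey or password."""
    scopes = parse_auth_methods(config_text)
    # No global directive means sshd's default "any": one method suffices.
    scopes.setdefault("global", [["any"]])
    return sorted(scope for scope, lists in scopes.items()
                  if any(not REQUIRED <= set(lst) for lst in lists))
```

On a live host, feed it the effective configuration rather than the raw file, since included files and defaults are otherwise not seen.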