A while back (March) I was sent the below reply, which contained references to patches to OpenSSH 4.7p1 that require multiple authentication.

Are there any similar patches to 4.8 and/or 5.1? And is there any chance of something similar making it into the standard OpenSSH distribution?

The first of these patches saved me much grief when dealing with PCI-DSS (Payment Card Industry Data Security Standards).

Thanks!

Jeff Simmons wrote:
> While doing a bit of research, I've found some historic attempts to require
> multiple authentication in sshd (i.e. both public/private key and
> login/password). Is there any way to get this working in the current ssh
> distribution, specifically in up to date stable OpenBSD?
>
> Thanks for any assistance, even a no, we don't do that.
>

https://bugzilla.mindrot.org/show_bug.cgi?id=983 forces you to use both public key and password authentication.

https://bugzilla.mindrot.org/show_bug.cgi?id=1435 allows you to specify 2 or more methods.

The patches are made against portable 4.7p1 but I imagine should be relatively easy to adapt to OpenBSD.

--
Jeff Simmons jsimmons@xxxxxxxxxxxxxxx
Simmons Consulting - Network Engineering, Administration, Security

"You guys, I don't hear any noise. Are you sure you're doing it right?"
    -- My Life With The Thrill Kill Kult