Rich Freeman on 26 Jul 2017 06:14:00 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SSH Hardening : Request for Best Practices

On Wed, Jul 26, 2017 at 9:07 AM, Louis K <> wrote:
> *  I'm considering adding two factor auth in addition to the ssh keys. Is
> this overkill? I think in that case the 2-factor-auth really only protects
> me against someone getting my key (i.e., stealing my laptop and sshing in),
> which I _think_ is unlikely.

You understand the threat model - I can't say whether it is overkill.
It is more than I do.

I gave a recent talk on 2FA, but the example configuration I used does
not require 2FA if using an SSH key.

I believe with modern versions of openssh you can require both using:

AuthenticationMethods publickey,keyboard-interactive

See also:

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --