SSH 2FA public key *and* password


I believe having an SSH key and a server-side password (=/= passphrase[1]) for authentication seriously increases the security posture, especially for admin accounts with sudo privileges. It is not as good as other 2FA technology available today with OpenSSH (like OTP).

However, today, the YunoHost docs and options do not offer an easy way to enable both, while there is an option to disable password auth.

There is an easy configuration to enable both in sshd_config: sshd_config(5) - OpenBSD manual pages

What would it take to implement such features? Do you think it is relevant?


  1. passphrase is related to the encryption of one’s ssh private key on the client, while the password is related to the user password on the server and has nothing to do with the passphrase and the encryption of the ssh key. ↩︎

1 Like
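
Added example, not part of the original post or of YunoHost's code: in sshd_config(5) the directive that requires both factors is `AuthenticationMethods publickey,password`, and the Python check below audits a config for it. It assumes only the global section (before any `Match` block) matters, plain `Keyword value` lines, and OpenSSH's default of `yes` for both authentication switches; the three sample configs are constructed for illustration.

```python
# Constructed sample configs (not YunoHost's sshd_config template).
WEAK = """\
# AuthenticationMethods unset -> defaults to "any": one factor is enough
PubkeyAuthentication yes
PasswordAuthentication yes
"""
BOTH = """\
PubkeyAuthentication yes
PasswordAuthentication yes
# comma-separated list = every method must succeed, in this order
AuthenticationMethods publickey,password
"""
LOCKOUT = """\
# the password step is required but the method itself is disabled
PasswordAuthentication no
AuthenticationMethods publickey,password
"""

def global_settings(text):
    """Return {keyword: value} for the lines before the first Match block."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # sshd keeps the first value seen
    return settings

def audit(text):
    """Classify: 'both-required', 'single-factor' or 'misconfigured'."""
    s = global_settings(text)
    # Space-separated lists are alternatives; any one list may be satisfied.
    lists = [{m.split(":")[0] for m in lst.split(",")}
             for lst in s.get("authenticationmethods", "any").split()]
    if not all({"publickey", "password"} <= lst for lst in lists):
        return "single-factor"
    # Each listed method must also be enabled, or no login can complete.
    for kw in ("pubkeyauthentication", "passwordauthentication"):
        if s.get(kw, "yes").lower() == "no":
            return "misconfigured"
    return "both-required"
```

A `misconfigured` result means the change would lock users out rather than weaken authentication, so validate a candidate config and keep an existing session open before reloading sshd.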

I created a PR to address this feature request: enh(sshd_config)!: Refactor sshd_config template for different auth methods by louis-vgn · Pull Request #2304 · YunoHost/yunohost · GitHub

It’s a draft because it brings a slight breaking change.

2 Likes