[ssh_x509] Two factor user authentication : x509v3 along with password

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Mar 23 07:44:36 EET 2022

Hi Murugesh ,

ssh_x509 at roumenpetrov.info wrote:
> Hi,
> I am looking for having x509v3 certificate based user authentication, along
> with password based authentication. That is even after x509v3 auth is
> successful, password prompt should be issued to client and that should be
> authenticated by server as 2nd factor.
I could like to clarify that X509 identities are used in public-key or host-based authentication in similar ways as
"plain" keys.

There is some options that restrict so called algorithms - |PubkeyAlgorithms| <https://secureboxpro.termoneplus.com.example.net/man5/sshd_config.5.html#PubkeyAlgorithms> and |HostbasedAlgorithms .| <https://secureboxpro.termoneplus.com.example.net/man5/sshd_config.5.html#HostbasedAlgorithms>
Remark: both options could be used in match block.

> Could any one please suggest if this is supported in pkixssh version ?
If you means daemon options AuthenticationMethods (
https://secureboxpro.termoneplus.com/man5/sshd_config.5.html#AuthenticationMethods ) - yes.

Remark: keyword AuthenticationMethods is accepted in match block as well.

With other word there is no difference in setup comparing to OpenSSH.

> Thanks & Regards,
> Murugesh P.

Roumen Petrov

More information about the ssh_x509 mailing list