[ssh_x509] Two factor user authentication : x509v3 along with password

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Mar 24 08:51:00 EET 2022


P.S.

Public page is https://secureboxpro.termoneplus.com/man5/sshd_config.5.html .... , i.e. with removed .example.net from some addresses below.

Roumen

ssh_x509 at roumenpetrov.info wrote:
> Hi Murugesh ,
>
> ssh_x509 at roumenpetrov.info wrote:
>> Hi,
>>
>> I am looking for having x509v3 certificate based user authentication, along
>> with password based authentication. That is even after x509v3 auth is
>> successful, password prompt should be issued to client and that should be
>> authenticated by server as 2nd factor.
> I could like to clarify that X509 identities are used in public-key or host-based authentication in similar ways as
> "plain" keys.
>
> There is some options that restrict so called algorithms - |PubkeyAlgorithms| <https://secureboxpro.termoneplus.com.example.net/man5/sshd_config.5.html#PubkeyAlgorithms> and |HostbasedAlgorithms .| <https://secureboxpro.termoneplus.com.example.net/man5/sshd_config.5.html#HostbasedAlgorithms>
> Remark: both options could be used in match block.
>
>
>> Could any one please suggest if this is supported in pkixssh version ?
> If you means daemon options AuthenticationMethods (
> https://secureboxpro.termoneplus.com/man5/sshd_config.5.html#AuthenticationMethods ) - yes.
>
> Remark: keyword AuthenticationMethods is accepted in match block as well.
>
> With other word there is no difference in setup comparing to OpenSSH.
>
>> Thanks & Regards,
>> Murugesh P.
>
> Regards,
> Roumen Petrov
>
>
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info




More information about the ssh_x509 mailing list