Partial authentication

erikvcl at erikvcl at
Tue Dec 30 04:36:06 EST 2003


The original partial authentication patch for the pre-privilege-separation 
version of SSH was written by Carson Gaspar.  An improvement on this patch 
was made by Maciej Bogucki.

As an employee of Cyclades, I ported this patch to the current version of 
SSH with privilege separation since we needed this functionality.  
The work that I did is quite a hack, but it works well enough.  I do not 
have the extensive knowledge of SSH that I should have to make this kind 
of improvement in as elegant a way as the core SSH developers.

Although I have passed my work along (and the code is available in our
product's freely-available CDK), there seems to be little interest in
partial authentication among the OpenSSH community (I've brought up this
topic before).

I would like to see partial authentication in OpenSSH as I think that it 
is a valuable feature.  It would be great to see improvements to the work 
that I've done to turn a strictly functional patch into one that is 
elegant and verified to be free of security concerns.



On Fri, 7 Nov 2003, Dmitry Berezin wrote:

> Hello,
> I would like to bring up the topic of possibly including partial
> authentication functionality into OpneSSH again - it was discussed a few
> weeks ago. I believe that implementing auth vectors was suggested as a way
> to achieve this.
> The reasoning behind the need for partial auth is that there are cases when
> multiple methods of authentication are required for the user to be
> successfully authenticated (password and SecureID for example).
> I just want to find out if there are any active plans for building this, or
> if there is a decision not to include partial auth in OpenSSH.
>   Thank you,
>   -Dmitry.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

Erik Lotspeich
Software Engineer, R&D
Cyclades Corporation
erik.lotspeich at
Phone:  510-771-6153
Fax:    510-771-6200
"Everywhere with Linux"

More information about the openssh-unix-dev mailing list