feature: RequiredAuthentications

[Bob Proulx]

L.T.Lowe at hep.ph.bham.ac.uk wrote:
> Is there a way for a sshd server to be able to enforce both
> client host key authentication as well as user authentication,
> say for roving user-administered laptops.
> So a sysadmin can restrict access to allow only client hosts 
> which can pass the HostbasedAuthentication tests, 
> whatever the current IP name/address, but still insist on the user
> authenticating themselves (by password say). Is this possible?

I turn off password authentification and enforce use of rsa keys.  The
sshd config option is:

  PasswordAuthentication no

This is slightly different than you propose but I think has a higher
utility.  I can switch laptops as long as I am using the same user
key.

Bob