feature: RequiredAuthentications

Bob Proulx bob at proulx.com
Wed May 18 01:46:45 EST 2005

L.T.Lowe at hep.ph.bham.ac.uk wrote:
> Is there a way for a sshd server to be able to enforce both
> client host key authentication as well as user authentication,
> say for roving user-administered laptops.
> So a sysadmin can restrict access to allow only client hosts 
> which can pass the HostbasedAuthentication tests, 
> whatever the current IP name/address, but still insist on the user
> authenticating themselves (by password say). Is this possible?

I turn off password authentification and enforce use of rsa keys.  The
sshd config option is:

  PasswordAuthentication no

This is slightly different than you propose but I think has a higher
utility.  I can switch laptops as long as I am using the same user


More information about the openssh-unix-dev mailing list