feature: RequiredAuthentications
Carson Gaspar
carson at taltos.org
Thu May 19 06:29:06 EST 2005
--On Wednesday, May 18, 2005 01:20:20 PM +1000 Damien Miller
<djm at mindrot.org> wrote:
> L.T.Lowe at hep.ph.bham.ac.uk wrote:
>>
>> Is there a way for a sshd server to be able to enforce both
>> client host key authentication as well as user authentication,
>> say for roving user-administered laptops.
>> So a sysadmin can restrict access to allow only client hosts
>> which can pass the HostbasedAuthentication tests,
>> whatever the current IP name/address, but still insist on the user
>> authenticating themselves (by password say). Is this possible?
>
> No, but see http://bugzilla.mindrot.org/show_bug.cgi?id=983
I also had an old patch that supported ordered auth methods (the patch
referenced above requires multiple auth methods in any order). I will again
offer to update my patch to the current OpenSSH code if the core
maintainers express any interest in integrating the patch. It was
previously rejected as "too complicated" (functionality-wise, not code
complexity).
--
Carson Gaspar
More information about the openssh-unix-dev
mailing list