feature: RequiredAuthentications

Carson Gaspar carson at taltos.org
Thu May 19 06:29:06 EST 2005

--On Wednesday, May 18, 2005 01:20:20 PM +1000 Damien Miller 
<djm at mindrot.org> wrote:

> L.T.Lowe at hep.ph.bham.ac.uk wrote:
>> Is there a way for a sshd server to be able to enforce both
>> client host key authentication as well as user authentication,
>> say for roving user-administered laptops.
>> So a sysadmin can restrict access to allow only client hosts
>> which can pass the HostbasedAuthentication tests,
>> whatever the current IP name/address, but still insist on the user
>> authenticating themselves (by password say). Is this possible?
> No, but see http://bugzilla.mindrot.org/show_bug.cgi?id=983

I also had an old patch that supported ordered auth methods (the patch 
referenced above requires multiple auth methods in any order). I will again 
offer to update my patch to the current OpenSSH code if the core 
maintainers express any interest in integrating the patch. It was 
previously rejected as "too complicated" (functionality-wise, not code 

Carson Gaspar

More information about the openssh-unix-dev mailing list