two factor authentication
William Ahern
william at 25thandClement.com
Sun Jul 23 13:27:28 EST 2006
On Sun, Jul 23, 2006 at 10:16:12AM +1000, Darren Tucker wrote:
> jacob martinson wrote:
> > Are there any plans on the table to add native support for two-factor
> > authentication, such as password *and* public key?
>
> Answering the second part first, yes, it's an open enhancement request
> (http://bugzilla.mindrot.org/show_bug.cgi?id=983).
>
> Going back to the first part: while requiring both password and
> public-key would probably improve security, personally I think the
> private key is another instance of "something you know" (although with
> the useful property of being able to prove you know it without
> disclosing it) since it can be copied, printed out, emailed...
>
Excluding public keys exported from a smart card. For real smart cards (i.e.
not USB memory sticks w/ a PKCS#11 library), the private key is not known
even by the user holding the card (unless you work at IBM and own an
electron scanning microscope).
More information about the openssh-unix-dev
mailing list