two factor authentication

William Ahern william at 25thandClement.com
Sun Jul 23 13:27:28 EST 2006


On Sun, Jul 23, 2006 at 10:16:12AM +1000, Darren Tucker wrote:
> jacob martinson wrote:
> > Are there any plans on the table to add native support for two-factor
> > authentication, such as password *and* public key?
> 
> Answering the second part first, yes, it's an open enhancement request 
> (http://bugzilla.mindrot.org/show_bug.cgi?id=983).
> 
> Going back to the first part: while requiring both password and 
> public-key would probably improve security, personally I think the 
> private key is another instance of "something you know" (although with 
> the useful property of being able to prove you know it without 
> disclosing it) since it can be copied, printed out, emailed...
> 

Excluding public keys exported from a smart card. For real smart cards (i.e.
not USB memory sticks w/ a PKCS#11 library), the private key is not known
even by the user holding the card (unless you work at IBM and own an
electron scanning microscope).

More information about the openssh-unix-dev mailing list