two factor authentication

Darren Tucker dtucker at zip.com.au
Tue Jul 25 08:35:58 EST 2006


Jefferson Ogata wrote:
> And the patches were what I was drawing attention to. But since sshd is
> largely about strong authentication, it would be nice to see it natively
> support per-user configuration of multiple required authentication methods.

The "per-user" part has just been added to sshd and will be in the next 
major release: the "Match" keyword allows you conditionally override 
some settings on a per {user,host,network} basis.  It doesn't allow 
control of authentication types (yet), though.

eg:

AllowTcpForwarding yes
Match User anoncvs
	AllowTcpForwarding no

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



More information about the openssh-unix-dev mailing list