SSH multi factor authentication

Bruce F Bading badingb at
Mon Jul 4 12:19:43 AEST 2016

There has been some good discussion around our IBM security team as to what
actually constitutes SSH multi factor authentication.  There are 2 options
being discussed.

One, the Google Authenticator (OTP authentication).
Two, Public/Private key authentication (pubkeyauthentication = yes) which
supports pass phrase private key authentication.

Which of these is considered multi-factor authentication and can you give a
brief response?  There are different opinions here and your opinion is
greatly appreciated.

Bruce F. Bading
Senior Security Consultant

IBM Systems and Technology Group
badingb at
member ISACA since 1985

"United We Stand"

For those with risk, your time to remediate is today.
For those who have been breached, your time to remediate was yesterday!

More information about the openssh-unix-dev mailing list