Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source

mailto428496 mailto628496 at cox.net
Wed Jun 3 18:30:30 AEST 2020


I don't see a way to do this currently (unless I am missing something), 
but I would like to be able to specify that in order for a user to 
log in, they need to use at least 1 public key from 2 separate key 
sources.  Specifically, this would be when using "AuthenticationMethods 
publickey,publickey".  Right now, requiring 2 public keys for 
authentication will allow 2 public keys from any authorized key source 
specified, without distinction.  I would like a way to say: require 1 key 
from source A and 1 key from source B.

Like if there was a way to specify something like this for example:

AuthenticationMethods publickey[1],publickey[2]

AuthorizedKeysCommand[1] <source_a_command_script>

AuthorizedKeysCommand[2] <source_b_command_script>

and the same for AuthorizedKeysFile (for our needs multiple commands 
would be fine, but might as well support it for both)

Let me also give an example of why I am interested in this, for 
context.  We would like to associate two different types of public keys 
with each user's account.  One would be a "client machine" public key 
(of which there could be several, if the user is allowed to login from 
multiple systems) and the other would be a public key from a user token, 
such as a smartcard (we don't want 2 "client machine" public keys to be 
able to be combined to bypass the user's token login).  A (poor) 
workaround is to use the same private key on all of the user's machines, 
but I would prefer not to do this, both in general for security reasons 
and also so that if a user's machine is lost or stolen, or we just want to 
deauthorize it, the pubkey for that machine can be removed from the 
database.

Anyway, I don't see a way to do this currently so I thought I would 
throw it out there as a potential future enhancement.  Or please 
enlighten me if there is some magic way to do this that I am missing ;-)

Thanks,


Jim
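As an added illustration (not part of the post, and not OpenSSH code), the two policies described above modelled in Python: the current behaviour of "AuthenticationMethods publickey,publickey", which accepts any two distinct authorized keys regardless of where they came from, beside the per-source rule the post asks for. The source names, fingerprints and the `evaluate` helper are constructed assumptions.

```python
# Added example: model of sshd's current "publickey,publickey" counting
# versus the proposed "one key from each source" rule. Everything below
# (source names, fingerprints) is constructed for illustration.

# Constructed key sources, keyed by source name, in the spirit of the
# proposed AuthorizedKeysCommand[1] / AuthorizedKeysCommand[2] split.
SOURCES = {
    "client_machines": {"SHA256:laptop-key", "SHA256:desktop-key"},
    "tokens": {"SHA256:smartcard-key"},
}


def current_rule(sources, presented, required=2):
    """Today: any `required` distinct authorized keys, drawn from the union
    of all sources, satisfy the method list. sshd refuses to count the same
    key twice, hence the set intersection."""
    known = set().union(*sources.values())
    return len(set(presented) & known) >= required


def per_source_rule(sources, presented, required_sources):
    """Proposed: at least one presented key must match each named source,
    so two client-machine keys cannot stand in for the token key."""
    presented = set(presented)
    return all(presented & sources[name] for name in required_sources)


def evaluate(presented):
    """Run both policies over the keys presented in one login attempt."""
    return {
        "current": current_rule(SOURCES, presented),
        "proposed": per_source_rule(SOURCES, presented,
                                    ["client_machines", "tokens"]),
    }


if __name__ == "__main__":
    # Laptop key plus smartcard key: both policies accept.
    print(evaluate(["SHA256:laptop-key", "SHA256:smartcard-key"]))
    # Two machine keys, no token: current policy accepts (the bypass the
    # post worries about), the per-source policy rejects.
    print(evaluate(["SHA256:laptop-key", "SHA256:desktop-key"]))
```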


