Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source

mailto428496 mailto628496 at
Thu Jun 4 02:51:43 AEST 2020


On 2020-06-03 12:14, Peter Stuge wrote:
> mailto428496 wrote:
>> We would like to associate two different types of public keys
>> with each user's account.  One would be a "client machine" public key
>> (of which there could be several, if the user is allowed to login from
>> multiple systems) and the other would be a public key from a user token,
>> such as a smartcard (we don't want 2 "client machine" public keys to be
>> able to be combined to bypass the user's token login).
> ..
>> some magic way to do this that I am missing ;-)
> Couldn't you use hostbased authentication for client machines and
> publickey for users?

That had occurred to me, but in our case users sometimes connect from 
shared systems that are outside of our direct control and we would like 
to control pubkey client access on a per user basis rather than per machine.



More information about the openssh-unix-dev mailing list