Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source
Peter Stuge
peter at stuge.se
Thu Jun 4 04:07:03 AEST 2020
mailto428496 wrote:
> > Couldn't you use hostbased authentication for client machines and
> > publickey for users?
>
> That had occurred to me, but in our case users sometimes connect from
> shared systems that are outside of our direct control and we would like
> to control pubkey client access on a per user basis rather than per machine.
Hostbased authentication can use per-user host keys.
Or maybe I don't understand your point?
Hostbased auth can consider both system-wide (on server) public host keys
(for client hosts) as well as per-user (on server) public host keys
(for client hosts).
In addition to hostbased, publickey authentication then requires the
user to also authenticate themselves to the server, as usual.
Now, I don't think there is a hook for host public keys like there is
for user public keys, but maybe you can use it anyway?
//Peter
More information about the openssh-unix-dev
mailing list