"Semi-Trusted" SSH-Keys that also require PAM login
Brian Candler
b.candler at pobox.com
Thu Oct 22 18:34:35 AEDT 2020
On 22/10/2020 00:12, Jan Bergner wrote:
> TL;DR: Let us rephrase the question to "How can I require an
> additional layer of authentication for certain SSH keys, but not for
> all of them?"
Would it be sufficient to have an additional layer of authentication
when the client connects from address X, but not address Y? That is,
you are allowed to skip 2FA when connecting from a trusted IP address?
AuthenticationMethods publickey,password
Match Address 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
AuthenticationMethods publickey
More information about the openssh-unix-dev
mailing list