How can I make SSH with an identity file always demand a password?

Jochen Bern Jochen.Bern at binect.de
Tue Aug 24 18:35:19 AEST 2021


On 23.08.21 12:18, Stuart Henderson wrote:
> Other replies have looked at this from the client side and agent caching,
> but you can also require on the server that a password *as well as* a
> public key is offered. That also guards against users who did not use
> a password/passphrase to protect their key.

Or [ fail to use | use a reimplementation that lacks ] the "-c" and "-t"
options of ssh-add.

However, I seem to remember that at some point (one or two years ago?),
there was an announcement that in future versions of OpenSSH, the server
side may get *told* whether the auth was done with or without *human*
interaction on the client side (i.e., when talking about user keypair
auth, passphrase entered vs. straight out of some agent) and could
reject a non-interactive attempt, which would satisfy the OP's need. Any
news of that, or am I misremembering?

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
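
Added example, not part of the original thread or of OpenSSH: a small audit of the server-side setting Stuart Henderson describes, `AuthenticationMethods` in sshd_config, flagging any alternative list that still lets a key alone (or a password alone) log in. The function names and sample configs are constructed for illustration; it assumes whitespace-separated keywords and reads only the global section, not `Match` blocks.

```python
# Added example: audit sshd_config text for login paths that do not
# require BOTH a public key and a password-type method.
PASSWORD_METHODS = {"password", "keyboard-interactive"}


def weak_lists(value):
    """Return the AuthenticationMethods lists that do not demand both a
    public key and a password-type method. sshd grants access as soon as
    any ONE list is completed, so a single weak list defeats the others."""
    if value.strip() == "any":
        return ["any"]
    weak = []
    for method_list in value.split():
        # Drop sub-method suffixes such as keyboard-interactive:pam.
        names = {m.split(":", 1)[0] for m in method_list.split(",")}
        if "publickey" not in names or not names & PASSWORD_METHODS:
            weak.append(method_list)
    return weak


def global_auth_methods(config_text):
    """First AuthenticationMethods value before any Match block.
    If the keyword is unset, sshd behaves as if it were 'any'."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue  # blank line or comment
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "match":
            break
        if keyword == "authenticationmethods" and len(parts) == 2:
            return parts[1].strip()
    return "any"


# Constructed sample configurations (not taken from any real host).
SAMPLE_STRICT = "PubkeyAuthentication yes\nAuthenticationMethods publickey,password\n"
SAMPLE_LEAKY = "AuthenticationMethods publickey,password publickey\n"
SAMPLE_UNSET = "PasswordAuthentication yes\n# AuthenticationMethods publickey,password\n"

if __name__ == "__main__":
    for name, cfg in [("strict", SAMPLE_STRICT), ("leaky", SAMPLE_LEAKY),
                      ("unset", SAMPLE_UNSET)]:
        print(name, "->", weak_lists(global_auth_methods(cfg)) or "ok")
```

On a live server, feeding it the output of `sshd -T` instead of the raw file shows the effective value after includes are resolved.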



More information about the openssh-unix-dev mailing list