Auth via Multiple Publickeys, Using Multiple Sources, One Key per Source
Damien Miller
djm at mindrot.org
Thu Jun 4 09:13:46 AEST 2020
On Wed, 3 Jun 2020, mailto428496 wrote:
> I don't see a way to do this currently (unless I am missing something)
> but I would like to be able to specify that, in order for a user to
> log in, they need to use at least 1 public key from 2 separate key
> sources. Specifically this would be when using "AuthenticationMethods
> publickey,publickey". Right now requiring 2 public keys for
> authentication will allow 2 public keys from any authorized key source
> specified without distinction. I would like a way to say, require 1 key
> from source A and 1 key from source B.
>
> Like if there was a way to specify something like this for example:
>
> AuthenticationMethods publickey[1],publickey[2]
>
> AuthorizedKeysCommand[1] <source_a_command_script>
>
> AuthorizedKeysCommand[2] <source_b_command_script>
>
> and the same for AuthorizedKeysFile (for our needs multiple commands
> would be fine, but might as well support it for both)
There's no way to do this at present. If we can figure out a good
syntax for expressing it, then we could add it (a few people have
asked for similar things before).
-d