Feature - Password over Pubkey auth
Alexander Bokovoy
ab at samba.org
Mon Aug 4 17:58:10 AEST 2025
On Няд, 03 жні 2025, Eduardo Suarez-Santana via openssh-unix-dev wrote:
> Hi,
>
> this is just an idea.
>
> I've observed that password authentication typically passes through the
> server-side PAM authentication modules. This may be useful for instance to
> unlock an encrypted home directory using the user's password.
>
> On the other side, public key authentication may be run passwordless from the
> client, which is also a great feature, but it does not allow to unlock the home
> directory.
>
> I wonder whether an hybrid authentication method could be implemented, where
> the password of the user is stored along with the authorized public key in the
> server, but instead of storing it in plain text, it would be stored encrypted
> with the public key.
This already can be achieved by specifying multiple values in
AuthenticationMethods option. The documentation even provides this
example:
For example, "publickey,password publickey,keyboard-interactive"
would require the user to complete public key authentication, followed
by either password or keyboard interactive authentication.
--
/ Alexander Bokovoy
More information about the openssh-unix-dev
mailing list