LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Solution: how to enforce both passwords and keys:

Solution: how to enforce both passwords and keys:

Posted Apr 10, 2012 16:34 UTC (Tue) by shaiay (guest, #84073)
Parent article: SSH: passwords or keys?

No need to decide, a simple solution exists!
In a nuthshell, allow only key based logins, and use the ForceCommand option in sshd_config to force PAM authentication.
The user than has to have a key to login, but after they login, they are forced to authenticate via PAM, regardless of whether their key is password protected!
Full procedure in this blog post

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds