Posted Mar 22, 2013 16:36 UTC (Fri) by yokem_55 (subscriber, #10498)
[Link]
The exact same thought came to my mind. Public key + Google's H/TOTP auth would be really nice to have setup. Granted, it's doubling up on the "things you have" auth mode, but this way the "things" can be on separate devices (key on system, H/TOTP app on phone).
Looking forward to playing with this.
OpenSSH 6.2 released
Posted Mar 22, 2013 16:47 UTC (Fri) by marineam (subscriber, #28387)
[Link]
Yup, and each can be secured differently (phone pin, key password, etc) so in most cases that should be good enough and you get to use brain cells for remembering memes instead of passwords.
OpenSSH 6.2 released
Posted Mar 22, 2013 18:17 UTC (Fri) by aba (subscriber, #24118)
[Link]
It does. I'm using the relevant patch from bugzilla for some time with exactly this scenario (ssh key + OTP).
OpenSSH 6.2 released
Posted Mar 24, 2013 10:55 UTC (Sun) by gdt (subscriber, #6284)
[Link]
Just as importantly multiple methods give a simple defence against SSH door knocking.