Mailing List Archive

Hello,

You can use "-i" switch when connecting to the host to specify the identity file (containing the private key).

Also u can specify identity file on per host basis in the configuration file located at "/etc/ssh/ssh_config". Or use a per user configuration file using the "-F" switch.

also as I understand ssh uses 2 factor authentication it uses RSA or DSA keys plus the provided username and password provided proper access control on the ssh key files usually located "~/.ssh/Id_rsa" and "~/.ssh/id_dsa".

Hope this helped.

Regards,

Saif
OSCP

Sent from my iPhone.

On Dec 14, 2010, at 6:37 PM, "Andrey Vul" <andrey@moshbear.net> wrote:

> Is there an option or patch for ssh so that, on login, a file, e.g.
> /tmp/ssh-ip.ad.dr.es-user-XXXXXX so that I can use it as an
> authentication token for multi-factor login?
>
> And to have a creation hook so that updating the htdigest and
> .htaccess's IP filter with the file name value isn't limited
> by cron?
>
> I'm running OpenSSH 5.6p1, Gentoo -r1.
>
> --
> m0shbear
> andrey 40 moshbear 2e net
>
>

Le lundi 13 décembre 2010 à 14:16 -0500, Andrey Vul a écrit :
> Is there an option or patch for ssh so that, on login, a file, e.g.
> /tmp/ssh-ip.ad.dr.es-user-XXXXXX so that I can use it as an
> authentication token for multi-factor login?

Sorry, I don't see the point where it would increase security.

IMHO, the only way to achieve security is to use a smartcard or a USB
token, like explained in this tutorial:

Using OpenSSH with smartcards
http://www.gooze.eu/howto/using-openssh-with-smartcards

Kind regards,
--
Jean-Michel Pouré - Gooze - http://www.gooze.eu