danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Share Next Entry
New Security Feature in Fedora 19 Part 4: openssh 6.2 better support for multi-factor authentication
danwalsh
We are beginning to see the end of passwords as the only means of authenticating yourself to a system, hopefully. 

Fedora 19 will be our first release of Openssh 6.2, which has introduced the AuthenticationMethods setting.
This feature allows you to require multiple different types of authorization to get into a system.  For example it is very easy to require  both an ssh public key and a password to login.   If you don't have the public key, you will never get to the password prompt.

In previous Fedora releases, there were some tricky  ways to do multi-factor using pam but this allows for more  combinations, and easier setup.
I found this blog that does a great job of describing the feature.
https://blog.flameeyes.eu/2013/03/openssh-6-2-adds-support-for-two-factor-authentication

Bottom line if you have a critical server, you want a user to prove multiple ways that he is worthy to get on the system.


You are viewing danwalsh