[Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

Alexander Bokovoy abokovoy at redhat.com
Mon Dec 19 09:06:51 UTC 2016


On Mon, 19 Dec 2016, Oucema Bellagha wrote:
>I'm looking for an option - eventually to extend standard ssh - in such
>a way that I need (at least) two people/keys out of m possible to
>authenticate a session instead of one out of m known ones...
>
>e.g:
>to authenticate to server X : I need two people A and (B or C) together.
>
>Anyone seen this or know how to do it?
>
>I know there is key + password (which is kind of this direction) but
>not exactly what I'm looking for...
You can use the very same directive AuthenticationMethods to ask for
multiple keys too.

   AuthenticationMethods "publickey,publickey,publickey"

would require three different public keys to authenticate.

However, there is nothing in the SSH protocol that would enforce different
people to be involved at the client side.
-- 
/ Alexander Bokovoy
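
An added example, not part of the original message and not FreeIPA or OpenSSH code: a small audit that checks whether an account's authorized_keys holds enough distinct keys to satisfy each AuthenticationMethods alternative, and lists the comments attached to each key for review, since nothing in the key file ties the keys to different people. It assumes, per the sshd_config manual, that repeated "publickey" entries must be met with different keys; the function names and the sample key lines are constructed for illustration.

```python
import re

# Key type followed by its base64 blob; options before it and the comment after are skipped.
KEY_RE = re.compile(r"(?:^|\s)((?:sk-)?(?:ssh|ecdsa)-[A-Za-z0-9@.-]+)\s+([A-Za-z0-9+/]+=*)")

def required_publickeys(auth_methods):
    """Return [(alternative, number of publickey steps)] for an AuthenticationMethods value."""
    result = []
    for alt in auth_methods.replace('"', "").split():
        # Strip suffixes such as "keyboard-interactive:pam" before counting.
        names = [m.split(":", 1)[0] for m in alt.split(",")]
        result.append((alt, names.count("publickey")))
    return result

def distinct_keys(authorized_keys_text):
    """Map (type, blob) -> comments, so one key listed twice collapses to one entry."""
    keys = {}
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if m:
            comment = line[m.end():].strip()
            keys.setdefault((m.group(1), m.group(2)), []).append(comment)
    return keys

def audit(auth_methods, authorized_keys_text):
    """Return [(alternative, keys needed, satisfiable)] for one account."""
    have = len(distinct_keys(authorized_keys_text))
    return [(alt, need, have >= need) for alt, need in required_publickeys(auth_methods)]

# Constructed sample: three lines, but the first and third carry the same key.
SAMPLE_KEYS = """\
# constructed sample, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYA alice@laptop
command="/usr/bin/true",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYB bob@desktop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYA alice-copy@server
"""

if __name__ == "__main__":
    for alt, need, ok in audit('"publickey,publickey,publickey"', SAMPLE_KEYS):
        print(f"{alt}: needs {need} distinct keys -> {'ok' if ok else 'cannot be satisfied'}")
    for (ktype, _), comments in distinct_keys(SAMPLE_KEYS).items():
        print(f"{ktype} listed as: {', '.join(comments)}")
```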



