[Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

[Alexander Bokovoy]

On ma, 19 joulu 2016, Oucema Bellagha wrote:
>Hi folks,
>
>
>Thanks for the feedback, I already tried the AuthenticationMethods
>"publickey,publickey" but is there any tool allowing this kind of
>connection from two clients to the server in the same time using
>ssh-Key cause it's not possible using putty ..
No, as I said, it is not designed in the SSH protocol

P.S. Answer to the list, not personally.

>
>
>Cheers,
>
>
>________________________________
>From: Alexander Bokovoy <abokovoy at redhat.com>
>Sent: Monday, December 19, 2016 9:06:51 AM
>To: Oucema Bellagha
>Cc: freeipa-devel at redhat.com
>Subject: Re: [Freeipa-devel] require n out of m keys/users to authenticate an ssh session?
>
>On ma, 19 joulu 2016, Oucema Bellagha wrote:
>>I'm looking for an option - eventually to extend standard ssh - in such
>>a way that I need (at least) two people/keys out of m possible to
>>authenticate a session instead of one out of m known once...
>>
>>e.g:
>>to authenticate to server X : I need two people A and (B or C) together.
>>
>>anyone seen this or know how to do?
>>
>>I know there is key + password (which is kind of this direction) but
>>not exactly what I'm looking for...
>You can use the very same directive AuthenticationMethods to ask for
>multiple keys too.
>
>   AuthenticationMethods "publickey,publickey,publickey"
>
>would require three different public keys to authenticate.
>
>However, there is nothing in SSH protocol that would enforce different
>people to be involved at the client side.
>--
>/ Alexander Bokovoy

-- 
/ Alexander Bokovoy