Two-Factor Auth Using Key and Password with OpenSSH 6.2 or Higher

By | 2014/04/23

Now that most distros are shipping OpenSSH 6.2 or later, check out this feature to enable two-factor auth with a key and also a password!

1. Edit the file:


Add the following lines:

AuthenticationMethods publickey,password
PasswordAuthentication yes

2. Restart ssh (upstart or init):

$ sudo service ssh restart

Or if using systemd:

$ sudo systemctl restart sshd.service

Now ssh logins require first a key and then a password:

smiller@bruckner:~$ ssh
Authenticated with partial success.
smiller@'s password: 
Welcome to Ubuntu Trusty Tahr (GNU/Linux 3.13.0-21-generic x86_64)

 * Documentation:

  System information as of Wed Apr 23 08:14:38 EDT 2014

  System load:  0.0               Processes:           72
  Usage of /:   15.2% of 7.26GB   Users logged in:     1
  Memory usage: 11%               IP address for eth0:
  Swap usage:   0%

  Graph this data and manage this system at:

Last login: Wed Apr 23 08:14:38 2014 from bruckner

Also see:

Original OpenSSH 6.2 announcement

Debian Wheezy – Install OpenSSH 6.x from backports