Two-Factor Auth Using Key and Password with OpenSSH 6.2 or Higher

By | 2014/04/23



Now that most distros are shipping OpenSSH 6.2 or later, check out this feature to enable two-factor auth with a key and also a password!


1. Edit the file:

/etc/ssh/sshd_config




Add the following lines:


AuthenticationMethods publickey,password
PasswordAuthentication yes



2. Restart ssh (upstart or init):

$ sudo service ssh restart


Or if using systemd:


$ sudo systemctl restart sshd.service




Now ssh logins require first a key and then a password:


smiller@bruckner:~$ ssh 192.168.43.242
Authenticated with partial success.
smiller@192.168.43.242's password: 
Welcome to Ubuntu Trusty Tahr (GNU/Linux 3.13.0-21-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Wed Apr 23 08:14:38 EDT 2014

  System load:  0.0               Processes:           72
  Usage of /:   15.2% of 7.26GB   Users logged in:     1
  Memory usage: 11%               IP address for eth0: 192.168.43.242
  Swap usage:   0%

  Graph this data and manage this system at:

https://landscape.canonical.com/

Last login: Wed Apr 23 08:14:38 2014 from bruckner
smiller@trusty:~$ 




Also see:


Original OpenSSH 6.2 announcement


Debian Wheezy – Install OpenSSH 6.x from backports

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.