Andrei POPESCU wrote: > Bob Proulx wrote: > > Thore wrote: > > > Another question is: How must I configure it that I only can login > > > with the user password my passphrase for the key and the keys? > > > so tripple protection against brute force. > > > > I recommend not to do this. Make sure you have a good non-guessable > > password and then don't use it unless you need it. If you don't use > > it then it can't be sniffed. If it is secure then it can't be > > guessed. In which case it isn't safer to disable it. And having it > > available for that emergency when you need it is very useful. > > I understood that Thore wants to have triple "authentication": > passphrase for the key, the key *and* the user password.
Oh! Require *both* the rsa ssh key AND the root password. Thanks for suggesting that clarification. I had read that as disabling the root password. I do not believe that is easily possible to require both. It isn't one of the standard configurations. It almost certainly seems possible to configure by some method through the PAM (pluggable authentication module) system however. If there is a solution to do this I think in the PAM area would be the place to look. The upstream openssh list would be the best place to discover this type of information. Bob
signature.asc
Description: Digital signature
