Show Table of Contents
188.8.131.52. Multiple Authentication Methods
Using multiple authentication methods, or multi-factor authentication, increases the level of protection against unauthorized access, and as such should be considered when hardening a system to prevent it from being compromised. Users attempting to log in to a system that uses multi-factor authentication must successfully complete all specified authentication methods in order to be granted access.
AuthenticationMethodsconfiguration directive in the
/etc/ssh/sshd_configfile to specify which authentication methods are to be utilized. Note that it is possible to define more than one list of required authentication methods using this directive. If that is the case, the user must complete every method in at least one of the lists. The lists need to be separated by blank spaces, and the individual authentication-method names within the lists must be comma-separated. For example:
AuthenticationMethods publickey,gssapi-with-mic publickey,keyboard-interactive
sshddaemon configured using the above
AuthenticationMethodsdirective only grants access if the user attempting to log in successfully completes either
publickeyauthentication followed by
keyboard-interactiveauthentication. Note that each of the requested authentication methods needs to be explicitly enabled using a corresponding configuration directive (such as
PubkeyAuthentication) in the
/etc/ssh/sshd_configfile. Refer to the AUTHENTICATION section of
ssh(1)for a general list of available authentication methods.