https://systemoverlord.com/tags/openssh.htmlRecent content in OpenSSH on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Sat, 03 Mar 2018 00:00:00 +0000https://systemoverlord.com/2018/03/03/openssh-two-factor-authentication-but-not-service-accounts.htmlSat, 03 Mar 2018 00:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2018/03/03/openssh-two-factor-authentication-but-not-service-accounts.html<p>Very often, people hear &ldquo;SSH&rdquo; and &ldquo;two factor authentication&rdquo; and assume you&rsquo;re talking about an SSH keypair that&rsquo;s got the private key protected with a passphrase. And while this is a reasonable approximation of a two factor system, it&rsquo;s not <em>actually</em> two factor authentication because the server is not using two separate factors to authenticate the user. The only factor is the SSH keypair, and there&rsquo;s no way for the server to know if that key was protected with a passphrase. However, OpenSSH has supported true two factor authentication for nearly 5 years now, so it&rsquo;s quite possible to build even more robust security.</p>