[kwlug-disc] How to ... having ssh key connected ... ask for password, logout if fail?
B. S.
bs27975 at gmail.com
Thu Oct 6 01:17:20 EDT 2016
On 10/05/2016 12:08 PM, B.S. wrote:
> On 10/05/2016 11:25 AM, bob+kwlug at softscape.ca wrote:
...
>
>> A quick google search came up with an article that contains the
>> sentence "SSH certificates are the latest and greatest enhancement to
>> the public and private key authentication SSH has to offer".
>> (https://ef.gy/hardening-ssh)
>>
>> Perhaps there is something there that will achieve what you are
>> looking for.
>
> Will have to have a look, thank you.

If I'm following the article correctly, all the article is talking about
(wrt SSH Certificates) is signing the ssh public key with a CA so that
when an ssh client first connects they are not prompted to accept the
server - since the public key used is independently confirmed as correct
by checking with the CA (the first time that ssh client sees that ssh
server). [You're definitely connecting to the ssh server you thought you
were and intended to be.]

Which is to say, instead of being prompted to add the server to known
hosts, it is added without prompt.

Have I missed something?

If not, then this isn't bringing anything to my search to be prompted
for userid / password at ssh connect with key file. (But does add
additional security.)
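
The host-certificate workflow discussed in the message above, as an added example that is not part of the original post or the linked article. It uses a throwaway CA; the function names, file names and `server.example.test` are assumptions made for illustration. It shows the three pieces involved: the CA key, the signed host key, and the single `@cert-authority` line a client uses to verify the signature locally.

```shell
#!/bin/sh
# Added example: issue an OpenSSH *host* certificate from a throwaway CA.
# All names and paths below are constructed for illustration.
set -eu

# issue_host_cert DIR HOSTNAME
# Creates a CA key pair and a host key pair in DIR, signs the host public
# key as a host certificate valid only for HOSTNAME, and writes the
# known_hosts line a client needs in order to trust that CA.
issue_host_cert() {
    dir=$1
    host=$2
    ssh-keygen -q -t ed25519 -N '' -C 'example host CA' -f "$dir/host_ca"
    ssh-keygen -q -t ed25519 -N '' -C "$host" -f "$dir/ssh_host_ed25519_key"
    # -s CA private key   -h host (not user) certificate
    # -I identity shown in logs   -n principals (names the cert is valid for)
    # -V validity window, so a leaked host key is not trusted forever
    ssh-keygen -q -s "$dir/host_ca" -h -I "$host" -n "$host" -V +52w \
        "$dir/ssh_host_ed25519_key.pub"
    # Server side: sshd_config would then point at the result with
    #   HostCertificate <path>/ssh_host_ed25519_key-cert.pub
    # Client side: one line trusts any host key signed by this CA for $host.
    printf '@cert-authority %s %s\n' "$host" \
        "$(cut -d' ' -f1,2 "$dir/host_ca.pub")" > "$dir/known_hosts"
}

# cert_type CERTFILE
# Prints "host" or "user" as recorded inside the certificate. A host
# certificate vouches for the server's identity only; it plays no part in
# how the connecting user is authenticated.
cert_type() {
    ssh-keygen -L -f "$1" | awk '/Type:/ { print $(NF-1) }'
}
```

Inspecting the resulting `-cert.pub` file with `ssh-keygen -L -f` lists the principals and validity window alongside the certificate type.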