[Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

2016-12-20 Thread Oucema Bellagha
I'm looking for an option - eventually to extend standard ssh - in such a way 
that I need (at least) two people/keys out of m possible to authenticate a 
session instead of one out of m known ones...

e.g.: to authenticate to server X: we need user a AND (user b OR c)

Has anyone seen this or know how to do it?




Oucema Bellagha
DevOps Engineer specialized in Cloud Computing and IT infrastructures
m:  +4915781042392
e:  oucema.bella...@hotmail.com

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

2016-12-19 Thread Alexander Bokovoy

On Mon, 19 Dec 2016, Oucema Bellagha wrote:
> Hi folks,
>
> Thanks for the feedback. I already tried the AuthenticationMethods
> "publickey,publickey", but is there any tool allowing this kind of
> connection from two clients to the server at the same time using
> an SSH key, because it's not possible using PuTTY?

No, as I said, it is not designed in the SSH protocol.

P.S. Answer to the list, not personally.

> Cheers,
>
> From: Alexander Bokovoy
> Sent: Monday, December 19, 2016 9:06:51 AM
> To: Oucema Bellagha
> Cc: freeipa-devel@redhat.com
> Subject: Re: [Freeipa-devel] require n out of m keys/users to authenticate an
> ssh session?
>
> On Mon, 19 Dec 2016, Oucema Bellagha wrote:
>> I'm looking for an option - eventually to extend standard ssh - in such
>> a way that I need (at least) two people/keys out of m possible to
>> authenticate a session instead of one out of m known ones...
>>
>> e.g.:
>> to authenticate to server X: I need two people, A and (B or C), together.
>>
>> Has anyone seen this or know how to do it?
>>
>> I know there is key + password (which is kind of in this direction) but
>> it's not exactly what I'm looking for...
>
> You can use the very same directive AuthenticationMethods to ask for
> multiple keys too.
>
>   AuthenticationMethods "publickey,publickey,publickey"
>
> would require three different public keys to authenticate.
>
> However, there is nothing in the SSH protocol that would enforce different
> people to be involved at the client side.
> --
> / Alexander Bokovoy

--
/ Alexander Bokovoy



Re: [Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

2016-12-19 Thread Alexander Bokovoy

On Mon, 19 Dec 2016, Oucema Bellagha wrote:
> I'm looking for an option - eventually to extend standard ssh - in such
> a way that I need (at least) two people/keys out of m possible to
> authenticate a session instead of one out of m known ones...
>
> e.g.:
> to authenticate to server X: I need two people, A and (B or C), together.
>
> Has anyone seen this or know how to do it?
>
> I know there is key + password (which is kind of in this direction) but
> it's not exactly what I'm looking for...

You can use the very same directive AuthenticationMethods to ask for
multiple keys too.

  AuthenticationMethods "publickey,publickey,publickey"

would require three different public keys to authenticate.

However, there is nothing in the SSH protocol that would enforce different
people to be involved at the client side.
--
/ Alexander Bokovoy
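
Added example (not part of the original thread and not OpenSSH code): a small Python model of the rule described in the reply above, where each publickey entry in one AuthenticationMethods list must be met by a different authorized key. The key labels A, B and C, the holder name and all function names are constructed for illustration; it shows that with all three keys authorized the directive accepts any two of them, including B with C, and that the check counts keys, not people.

```python
from itertools import combinations

def parse_authentication_methods(value):
    """Split a directive value into alternative lists (space-separated),
    each a sequence of methods (comma-separated) that must all succeed."""
    return [lst.split(",") for lst in value.replace('"', "").split()]

def session_accepted(directive, authorized_keys, offered_keys):
    """Model: a list of N publickey entries needs N *different* authorized keys.
    Lists naming other methods are treated as unmet (only keys are offered)."""
    usable = set(offered_keys) & set(authorized_keys)  # a reused key counts once
    return any(
        all(m == "publickey" for m in methods) and len(usable) >= len(methods)
        for methods in parse_authentication_methods(directive)
    )

def wanted_policy(offered_keys):
    """The policy asked for in the thread: A AND (B OR C)."""
    offered = set(offered_keys)
    return "A" in offered and bool(offered & {"B", "C"})

def policy_gaps(directive, authorized_keys):
    """Key combinations the model accepts but the wanted policy rejects."""
    keys = sorted(authorized_keys)
    return [
        combo
        for r in range(1, len(keys) + 1)
        for combo in combinations(keys, r)
        if session_accepted(directive, keys, combo) and not wanted_policy(combo)
    ]

def people_involved(offered_keys, key_holder):
    """Who actually holds the offered keys; the server never sees this."""
    return {key_holder[k] for k in offered_keys}

if __name__ == "__main__":
    authorized = {"A", "B", "C"}          # constructed labels for three keys
    directive = '"publickey,publickey"'
    print(session_accepted(directive, authorized, ["A", "B"]))  # two distinct keys
    print(session_accepted(directive, authorized, ["A", "A"]))  # same key twice
    print(policy_gaps(directive, authorized))
    # One person holding both keys still passes: keys are counted, not people.
    print(people_involved(["A", "B"], {"A": "alice", "B": "alice"}))
```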



[Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

2016-12-19 Thread Oucema Bellagha
I'm looking for an option - eventually to extend standard ssh - in such a way 
that I need (at least) two people/keys out of m possible to authenticate a 
session instead of one out of m known ones...

e.g.:
to authenticate to server X: I need two people, A and (B or C), together.

Has anyone seen this or know how to do it?

I know there is key + password (which is kind of in this direction) but it's not 
exactly what I'm looking for...


Thanks,

