Most of us used either password based authentication or public key based authentication while accessing server through ssh protocol. Password based authentication is default authentication mechanism for ssh. We just have to enable sshd service on server. For public key based authentication we have to generate private-public key pair. We covered key based authentication in this post
Now here the requirement is setup two factor authentication for ssh. What if we need both the private key and password for ssh access to the server
You can see in above diagram, if you use either wrong private key or wrong password the result will be unsuccessful login. For successful login user must has both the private key and password correct.
Obviously we have to enable multiple authentication for ssh access. Older version of OpenSSH does not provide this functionality. OpenSSH version 6.1 and beyond provides feature of additional authentication.
To enable multiple authentication methods we can use AuthenticationMethods parameter in /etc/ssh/sshd_config configuration file. For example if we want to enable Public Key Authentication+Password Authentication then add following line in sshd configuration file /etc/ssh/sshd_config
Restart sshd service after making changes. Remember that both authentication must not be disabled in /etc/ssh/sshd_config. Once Public Key Authentication+ Password Authentication enabled , ssh login will appear as below