Two Factor Authentication in SSH

By | January 31, 2014

Most of us have used either password-based or public-key-based authentication when accessing a server over the SSH protocol. Password-based authentication is the default authentication mechanism for SSH; we just have to enable the sshd service on the server. For public-key-based authentication we have to generate a private-public key pair. We covered key-based authentication in this post.

Now the requirement is to set up two-factor authentication for SSH: what if we need both the private key and the password for SSH access to the server?

twofactor

 

As the diagram above shows, if you use either the wrong private key or the wrong password, the login will be unsuccessful. For a successful login the user must have both the correct private key and the correct password.

Obviously we have to enable multiple authentication methods for SSH access. Older versions of OpenSSH do not provide this functionality. OpenSSH version 6.1 and beyond provides the feature of additional authentication.

To enable multiple authentication methods we can use the AuthenticationMethods parameter in the /etc/ssh/sshd_config configuration file. For example, to require public key authentication plus password authentication, add the following line to /etc/ssh/sshd_config:

AuthenticationMethods publickey,password

Restart the sshd service after making the changes. Remember that neither of the two authentication methods may be disabled in /etc/ssh/sshd_config. Once public key + password authentication is enabled, the SSH login will appear as below:

ssh1
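
An added example, not part of the original post: a shell function (the name check_two_step is made up here) that audits sshd_config-style text for the setup described above. It assumes whitespace-separated keyword/value lines and checks only the global section before any Match block; it also rejects a configuration in which one of several AuthenticationMethods lists can be completed without both methods.

```shell
# check_two_step FILE: exit 0 only if FILE (sshd_config syntax) enforces key AND password.
check_two_step() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        key = tolower($1)                  # keywords are case-insensitive
        if (key == "match") exit           # audit the global section only
        if (key in seen) next              # sshd keeps the first value it reads
        seen[key] = 1
        if (key == "authenticationmethods") {
            have_am = (NF > 1)
            # Each whitespace-separated list is an alternative, and completing
            # any one list grants access, so every list must name both methods.
            for (i = 2; i <= NF; i++) {
                n = split(tolower($i), m, ",")
                pk = 0; pw = 0
                for (j = 1; j <= n; j++) {
                    if (m[j] == "publickey") pk = 1
                    if (m[j] == "password") pw = 1
                }
                if (!(pk && pw)) {
                    print "FAIL: list \"" $i "\" does not require both methods"
                    bad = 1
                }
            }
        } else if ((key == "pubkeyauthentication" || key == "passwordauthentication") && tolower($2) == "no") {
            print "FAIL: " $1 " is disabled"
            bad = 1
        }
    }
    END {
        if (!have_am) { print "FAIL: AuthenticationMethods is not set"; bad = 1 }
        if (!bad) print "OK: public key and password are both required"
        exit bad + 0
    }' "$1"
}

# Constructed sample: the second list would let a key alone log in.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' \
    'AuthenticationMethods publickey,password publickey' > "$sample"
check_two_step "$sample" || echo "sample config rejected"
rm -f "$sample"
```

Point it at /etc/ssh/sshd_config, or at the output of `sshd -T` saved to a file, before restarting sshd.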


4 thoughts on “Two Factor Authentication in SSH”

  1. Moneybags

    This is two step authentication, not two factor authentication. Two factor authentication requires two different factors–passwords and keys are the same.

  2. boris b

    You can not get any easier than this. Really! Especially for users that are not familiar with Linux!
    Exchange keys and login!
    If you are using sftp (because sftp = ssh ftp), you have to do this key exchange. And because you can not forge these keys, the security level is pretty high!
