SSH with key pair and password at same time

ssh security linux

From https://security.stackexchange.com/questions/17931/possible-to-use-both-private-key-and-password-authentication-for-ssh-login

Now on RHEL / CentOS 7, and any system with a recent version of OpenSSH, you can use:

AuthenticationMethods "publickey,password" "publickey,keyboard-interactive"

Also see: https://lwn.net/Articles/544640/

It is also important to note that the AuthenticationMethods feature applies only to the SSH 2 protocol, and that each authentication method listed must also be explicitly enabled in the sshd_config file.

And a great explanation in detail here:

https://sysconfig.org.uk/two-factor-authentication-with-ssh.html

Match User johndoe
AuthenticationMethods publickey,keyboard-interactive

Read the commas as logical AND. On login, johndoe's key pair will be checked first and if it's a match, you'll see this:

Authenticated with partial success.

Then, he will be asked for his password. So without realising, you have just set up MFA. Your key pair being what you have, the account password being what you know. This is possibly the simplest way of setting up MFA with SSH, and already better than single-factor authentication.

Related

Connect wireless Xbox 360 controller to iMac?
Only one beefalo?
How to get Poker Night at the Inventory's "Slow Play" achievement?
How can I change to a Google account without losing my Trainer Club account progress in Pokemon Go?
What are the rarest bugs/fish for?
I am stuck on Mars, can't travel anywhere
How can I make this block move up repeatedly?
Minecraft Lan Commands
Do points accumulated in mini games add up next time they start?
How to exit the estus soup room as a phantom?
Can Zarya block Tracer's ultimate after being stuck?
Does the timing of jumps matter?