[CentOS] ultrasecure sshd server

Fri Jun 10 15:48:47 UTC 2011
Eero Volotinen <eero.volotinen at iki.fi>

2011/6/10 Les Mikesell <lesmikesell at gmail.com>:
> On 6/10/2011 3:35 AM, Ljubomir Ljubojevic wrote:
>> Robert Spangler wrote:
>>> On Thursday 09 June 2011 17:34, the following was written:
>>>
>>>>   How to configure sshd to require both ssh public key and user
>>>>   password also? yes, stupid, but required on my setup..
>>>
>>> Have you thought about securing your ssh keys with a password? I do that here
>>> so if someone would happen to get a hold of my keys they still could not use
>>> them.  I am guessing that is why you are looking for both keys and passwords.
>>>
>>>
>> Not really. My view is so he can authenticate from his own PC without
>> the need to type the password, but if he is on someone else's system he
>> would use regular password. That is what I would like to be able to do.
>
> That's just normal behavior when both are enabled.  If the key works,
> you don't get the password prompt.  But even in the 'ultrasecure'
> scenario of requiring both, do you really want people typing their
> passwords on equipment that might have a keylogger running?

Yes, because of compliancy requirements. ssh public key does not
support expiring public keys. (maybe you can use a cron job to delete too
old public keys from the server?)


--
Eero
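
The cron-job idea in the message above, sketched as an added example that is not part of the original thread. An authorized_keys line carries no timestamp, so this assumes a site convention invented here: each key's comment ends with `issued=YYYY-MM-DD`. The function name `prune_keys` and the sample keys are constructed for illustration.

```python
import re
from datetime import date, timedelta

# Assumption (not an OpenSSH feature): the comment field of every key
# ends with an "issued=YYYY-MM-DD" tag written when the key was installed.
ISSUED_RE = re.compile(r"issued=(\d{4})-(\d{2})-(\d{2})\s*$")

def prune_keys(text, today, max_age_days=90):
    """Split authorized_keys content into (kept_text, removed_lines).

    Fails closed: an entry with no tag, an unparsable date, or a date in
    the future is treated as expired and removed.
    """
    cutoff = today - timedelta(days=max_age_days)
    kept, removed = [], []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)          # blank lines and comments pass through
            continue
        match = ISSUED_RE.search(stripped)
        try:
            issued = date(*map(int, match.groups())) if match else None
        except ValueError:             # e.g. month 13
            issued = None
        if issued is not None and cutoff <= issued <= today:
            kept.append(line)
        else:
            removed.append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed

# Constructed sample input; the key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed sample, not real keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB alice@laptop issued=2011-05-20
from="10.0.0.0/8" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAC bob@desk issued=2010-11-01
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAD carol@home
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAE dave@vm issued=2011-13-40
"""

if __name__ == "__main__":
    kept_text, removed_lines = prune_keys(SAMPLE, date(2011, 6, 10))
    print(kept_text, end="")
    for entry in removed_lines:
        print("expired or undated:", entry.split()[-1])
```

Because the date lives in the comment field, this enforces expiry only where users cannot edit the file themselves, for example when sshd's `AuthorizedKeysFile` points at a location they have no write access to.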