>> If you want 2 factor authentication, you can add yubikeys. They are >> little >> usb dongle that provides one-time-password. And the server-side for those >> is >> open-source if you don't want to use their authentication servers. And >> they >> are relatively cheap. >> >> We use these here on our border servers to increase security. > > is this easy to ingrate with openssh server on centos 5.x ? There is 2 rpm in epel (libyubikey and pam_yubico) that make it pretty easy to integrate into openssh (via pam).