I have an ssh server running on a Raspberry Pi. This ssh server can only be accessed by 1 user on my Ubuntu laptop only.

I have created 2 pairs of ssh keys using:

ssh-keygen -t ed25519 -o -a 100 
ssh-keygen -t rsa -b 4096 -o -a 100

The 2 public keys have been appended to ~/.ssh/authorized_keys on the ssh server.

When I view the authorized_keys file, it is as below:

ssh-ed25519 ...
ssh-rsa ...

What I want is dual authentication where BOTH key pairs are verified before establishing the ssh connection. In my case, I have noticed that it is possible to connect whenever I have 1 key pair authenticated.

Kindly assist.

iLW

1 Answer

Yes, you can configure your server to require multiple public keys, as documented in the AuthenticationMethods sshd_config keyword:

If the publickey method is listed more than once, sshd(8) verifies that keys that have been used successfully are not reused for subsequent authentications. For example, “publickey,publickey” requires successful authentication using two different public keys.

So to test this on a single user named test, one can add this at the end of the sshd_config file (and reload configuration):

Match User test
    AuthenticationMethods publickey,publickey

And then add the two public keys in ~test/.ssh/authorized_keys as usual.

On the client side, if keys aren't readily available (for example, with a running ssh-agent), one should supply both keys as parameters, for example:

ssh -i ~/.ssh/id_rsa -i ~/.ssh/id_ed25519 test@server
A.B
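
A defender-side check of the setup described in the answer above, as an added example that is not part of the original answer: it reads a constructed sshd_config and authorized_keys and confirms that every allowed method list demands publickey twice and that two distinct keys are enrolled. The function names, sample files and placeholder key blobs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a dual-key setup. Only exact names in "Match User" lines
# and unquoted authorized_keys options are handled (simplifications).

# Print the AuthenticationMethods value in effect for user $2 in config $1.
# A matching Match block overrides the global section; first value wins.
effective_methods() {
    awk -v user="$2" '
        { key = tolower($1) }
        key == "match" {
            scope = "skip"
            if (tolower($2) == "user") {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == user) scope = "match"
            }
            next
        }
        key == "authenticationmethods" {
            val = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)
            if (scope == "" && glob == "") glob = val
            if (scope == "match" && hit == "") hit = val
        }
        END { print (hit != "" ? hit : glob) }
    ' "$1"
}

# Succeed only if every alternative list in $1 names publickey at least twice.
requires_two_keys() {
    [ -n "$1" ] || return 1
    for list in $1; do
        count=$(printf '%s\n' "$list" | tr ',' '\n' | grep -cx publickey || true)
        [ "$count" -ge 2 ] || return 1
    done
}

# Count distinct key blobs in authorized_keys file $1 (sshd rejects key reuse).
distinct_keys() {
    awk '/^[ \t]*(#|$)/ { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break } }' "$1" |
        sort -u | wc -l | tr -d ' '
}

# Constructed sample files; the key blobs are placeholders, not real keys.
demo=$(mktemp -d)
printf 'Match User test\n    AuthenticationMethods publickey,publickey\n' > "$demo/sshd_config"
printf 'ssh-ed25519 AAAAPLACEHOLDER1 a\nssh-rsa AAAAPLACEHOLDER2 b\n' > "$demo/authorized_keys"
m=$(effective_methods "$demo/sshd_config" test)
requires_two_keys "$m" && [ "$(distinct_keys "$demo/authorized_keys")" -ge 2 ] &&
    echo "test: two distinct keys required ($m)"
```

On a live server, `sshd -T -C user=test` prints the settings sshd itself would apply to that user, which is the authoritative value to compare against.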