My organization has a server that requires two identity files simultaneously for one ssh connection. Just like this: ssh -i /first/key -i /second/key user@hostAnd i am wondering how does it implemented? How to configure my own SSH server to make it require two identity files at the same time for one client?

1 Answer

This is controlled by the AuthenticationMethods section of the OpenSSH configuration. From the documentation, the most relevant section is this:

If the publickey method is listed more than once, sshd(8) verifies that keys that
have been used successfully are not reused for subsequent authentications. For
example, "publickey,publickey" requires successful authentication using two
different public keys.

This is exactly what you are asking to do. So, with this in mind, let's get it done.

On the server ...

1. Create a new file for the AuthenticationMethods option:

   sudo {editor of choice} /etc/ssh/sshd_config.d/two_key.conf

   ^{Note: Be sure to replace {editor of choice} with your editor of choice.}
2. Add this line to the file:

   AuthenticationMethods publickey,publickey 

3. Save the file and restart OpenSSH Server:

   sudo service sshd restart 

4. Ensure both (or all) of your public keys are properly added to ~/.ssh/authorized_keys
5. Connect from another machine:

   ssh -i /first/key -i /second/key user@host 

That's all there is to it 👍🏻

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy