|
I'll go get clarity but based on all the info I've received so far it is
both ssh key and password auth during the client server connection.
ONLY thing I think that may be a possibility is
PreferredAuthentications=Keyboard-Interactive
In which case, perhaps both can be applied? I don't know.
Let me clarify the request.
thanks Patrick
Jay
On Thu, Sep 5, 2024 at 11:02 AM Patrik Schindler <poc@xxxxxxxxxx> wrote:
Hello Jay,
Am 05.09.2024 um 16:44 schrieb Jay Vaughn <jeffersonvaughn@xxxxxxxxx>:
that's what I thought Patrick... and this customer has MANY vendors theywork with in the product and every vendor is either SSH Key validated OR
password... but now they have a vendor that requires both.
So yes, both authentication methods have to happen.I'm not aware that is is even possible. To my current knowledge, ssh
authentication does not "stack". Once one method succeeds, the rest is
skipped.
Is that possible, from the IBM i client side.I guess this is not a special IBM i thing but a generic OpenSSH topic.
Maybe this helps you searching for clues?
for password auth I utilize the EXPECT script.... But really we don'tneed
to muddy the picture with that... Just need to know when we spawn thekeys
sftp.. is there a way to tell the process we should authenticate both
and password?Are you 100% sure you're talking about Key- and Password authentication
taking place? Or are you perhaps using a password protected private key
file?
The key is encrypted with the password hash and to be used it must be
first decrypted. All of this is a purely local procedure. You can even use
ssh-keygen to remove the passphrase, so you can use the unencrypted key for
authentication. Once that keyfile is copied by unauthorized thirds, bad
things may happen. But I guess you're aware of that?
Search for "ssh-keygen manpage" on the internet to see how to change the
password or remove it with the -p parameter.
:wq! PoC
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.