From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LKyC6-0004U7-2p for garchives@archives.gentoo.org; Thu, 08 Jan 2009 16:57:18 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5FFA9E0387; Thu, 8 Jan 2009 16:57:16 +0000 (UTC) Received: from rv-out-0708.google.com (rv-out-0708.google.com [209.85.198.246]) by pigeon.gentoo.org (Postfix) with ESMTP id 31F2FE0387 for ; Thu, 8 Jan 2009 16:57:16 +0000 (UTC) Received: by rv-out-0708.google.com with SMTP id b17so9679736rvf.46 for ; Thu, 08 Jan 2009 08:57:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=KWTLeU/pLmkdhLZNbei1Ko+55r1ISKwq7bzVBD2Z4vQ=; b=fyE0Pn0wA5qxW4+2NnIC3RTNVjA4sWuKuwJkKPZzb/xRixT9+l3KVz9+v0diMQCPxE tMzHJlzCR/j8JGnhK1m4DSyoiW5LEHRlboUMH6AsQtA8PJrT6gAXKaZHFrlSREuATqyX cYMs9HofPG2v7QMCwpma9Q8/S90pLwEJVT0tU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=mMTZfiWV0cERa+i2l/o2JxQRDtg9azSUqtwfjMyoMux08NCnm0M5lPlrJYgB7g7kM/ cVjBOZce9t4ZA8c+rmdIHQsvUhWxsdzukt3Jkq3AN7CpNDqMiUwRLsKA5I4fy9v7eKQx t9MZMUmfHp6cmSn5SWL3rAdbOWXKY4MmF2/kM= Received: by 10.140.164.1 with SMTP id m1mr12226926rve.66.1231433835638; Thu, 08 Jan 2009 08:57:15 -0800 (PST) Received: by 10.140.199.10 with HTTP; Thu, 8 Jan 2009 08:57:15 -0800 (PST) Message-ID: <58965d8a0901080857q1e004496ida87338c105b3bf1@mail.gmail.com> Date: Thu, 8 Jan 2009 10:57:15 -0600 From: "Paul Hartman" Sender: paul.hartman@gmail.com To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] SSH login with both key AND password? In-Reply-To: <496544CC.5050300@xs4all.nl> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <58965d8a0901071528u464c7aa7w8cd5bcfab7530c4e@mail.gmail.com> <496544CC.5050300@xs4all.nl> X-Google-Sender-Auth: ed63984162bf34fa X-Archives-Salt: aa826840-c0d1-46e2-96f8-2342e506e7b0 X-Archives-Hash: 8bf84f79f78b366dc7c47adda62b8ea6 On Wed, Jan 7, 2009 at 6:11 PM, Dave Jones wrote: > Paul Hartman wrote on 08/01/09 00:28: >> Hi, >> >> Normally I'm using SSH with regular password login, and I've read >> about generating a keypair and having a password-less connection that >> way. Is there a way to require both the key AND a password? Basically >> if I put the key in my SSH client at work, I don't want a co-worker to >> be able to login to my home PC, or someone to grab my phone, etc. >> >> Is there a way to put a passphrase on the key (seperate from my user >> account password)? Maybe that would work... Otherwise I've thought >> about having a dummy SSH account and then "su - realuser" to get >> access, but that seems kind of messy. >> >> I've always used password login and IP-restricted it, but now I'm >> traveling more and never know what IP I might be connecting from, so >> using a key seems to be the best plan, or maybesome kind of >> portknocking (but that's difficult from restricted ssh environments >> such as a phone). >> > By default ssh-keygen creates a key pair with a passphrase. It's your choice to enter or omit a passphrase. > > If you've generated a key without a passphrase, you can add a passphrase using ssh-keygen -p > > Entering a passphrase encrypts the private part of the key, which you keep only on the server. You only need the public part of the key on the client. > > Cheers, Dave It works great. Thanks everyone for your responses! Paul