I would like to get Mobile-phone verification or something else besides the SSH-key verification.
How can you add defence to the SSH-keys?
Asked
Active
Viewed 199 times
2
-
7What do you mean that someone is spoofing you? – Michael Hampton Feb 09 '14 at 07:54
3 Answers
5
You can use Two Factor Authentication to improve the security of ssh keys (and other authentication methods). I use Duo's two factor authentication. It's free for a limited number of users and is relatively cheap beyond that. It can be installed in a wide variety of OS/Applications etc. There are other 2FA products available.
user9517
- 115,471
- 20
- 215
- 297
3
I found that hardware two-factor tokens work well. I chose the yubikey, because it was reasonably inexpensive, had no licensing costs over and above the initial hardware purchase, required no specialist client-side software except a USB port, and I was entirely responsible for key management and distribution; I had to reposit my trust in noone except myself.
You can find a more detailed writeup here, if you want the technical nitty-gritty. (Disclaimer: I have no connection to yubico at all, save as a satisfied customer.)
MadHatter
- 79,770
- 20
- 184
- 232
2
Maybe adding a one-time passcode authentication PAM (ex. https://code.google.com/p/google-authenticator/) to your system will give you some extra "layer of security".
deagh
- 2,019
- 5
- 19
- 19