Mr. Kish,

Have you looked at using SSH in conjunction with application/shell
logins? You would
"wrapper" your communications inside of a SSH connection. (You would
use the rsa/dsa
key functionality here). Once the connection is established, you would
use a shell or
application login to get the password complexity, you wanted.

From a security perspective, not only would you have two factor
authentication, but also
two separate security mechanism. The other nice feature of this
approach is that you would
only need one SSH server to proxy all of your other services.

Hope this helps

thr
-----

Ryan Kish wrote:
> Hello List.
>
> I am currently trying to determine how I can implement two factor
> authentication for some servers that sit on border networks. Ideally,
> a user would be required to use an rsa/dsa key & their system login
> password to gain access. This way, they are using something they have
> (rsa/dsa key) and something they know (password). It would allow me
> enforce complex passwords as well as expiration time on the server
> side.
>
> Searching for previous posts on this subject has not been easy, but I
> did come across a thread from 2006:
> http://marc.info/?t=114928353600001&r=1&w=2
>
> At that time, it looks like OpenSSH did not have the capabilities to
> enforce multiple authentication. Has this changed? Are there other
> ideas on how I could enforce password complexity and still utilize
> rsa/dsa keys?
>
> Thanks for your time,
> Ryan
>
>

[ reply ]