How can I increase ssh security? Can I require both a key and password?
The login with password and key is the same as "just with key". During the key creation, you are asked to enter passphrase. If you leave it blank, you won't be asked for a password. If you fill some passphrase, you'll be asked for it everytime when you want to login.
If you are concerned about security, consider some of these advices mentioned trillion times in this forum:
- Disable ssh login for root
- Allow ssh access only from defined ip addresses (iptables, hosts.allow,... )
- Move ssh port to another port (more obscurity then security, but it works)
- Monitor foreign login attempts and react accordingly
- Keep your system up-to-date
Update: Please refer to the answer here for how to require both a public key and local system password with an OpenSSH server.
One idea I found interesting is port knocking - basically, in order to establish the ssh connection, you first have to probe on a sequence of other ports, before the ssh server will acknowledge a connect request. If the correct sequence of ports is not used, there is no response, so it effectively looks like there is no ssh server running. The sequence of ports is customizable and can be shared with your intended users; everyone else would effectively be unable to connect.
I haven't tried this myself, but from what I've heard (which isn't much, actually) the overhead is negligible and it lowers your visibility profile tremendously.
Patches related to enabling directly in SSH and lots of relevant discussion:
This can also be done without modification by having a password verification script combined with the use of the
ForceCommand configuration option.
Finally, though no module exists for it, if you moved the public key authentication to PAM then you would be able to require both steps to pass before PAM considered authentication successful.
RequiredAuthentications publickey, password
sshd_config if you are using sshd from ssh.com. This feature is not available in OpenSSH.