Is an SSH key with a passphrase a 2FA?

A second factor is defined as independent of the first factor. That means your system should stay secure, even if one of the factors is compromised (and you are aware of the compromise).

For example, a door badge and a fingerprint are independent of each other, and just having the door badge or the fingerprint is not enough to gain access. This is often called "multi-step authentication" instead of "multi-factor authentication".

Now imagine your scenario: You have a private key, encrypted with a strong passphrase. Are those two factors? No, because the private key can also exist without passphrase. An attacker that compromises the private key can thus log into your system, even without knowing that passphrase. In fact, the server is completely unaware if your private key is protected by a passphrase or not.

If you want true multi-factor authentication, there are SSH modules that do exactly that. That being said, a private key encrypted with a strong password is often enough.

Note: The original question talks about "an SSH key with a Passphrase to login on a server", which I interpreted as a private key, encrypted with a passphrase.


2FA requires two different factors or categories of authentication. (They must be different categories; a password and a PIN would not be considered 2FA.)

Wikipedia provides a great list of factors:

  • Knowledge factors: Password, PIN, secret questions
  • Possession factors:
    • Disconnected tokens (human-readable): Google Authenticator
    • Connected tokens (machine-readable): YubiKey
    • Software tokens: X.509 certificate, SSH private key
  • Inherent factors:
    • Biometrics: fingerprint, voice, iris
    • Behavior: keystrokes, signature
  • Location: physically secured networks

Your password is a knowledge factor; your SSH key is a possession factor.

Note that ease of duplication does not preclude an SSH key from being a possession factor. Physical keys can be copied with a camera, a printer, and a soda can; they are still a possession factor.

The purpose of multi-factor authentication is to leverage the advantages of multiple types of authentication, decreasing the risk of compromise.

Your password is short enough that it is never written and therefore difficult to obtain. Your SSH key is long and therefore hard to guess.

Together, they make a successful attack less likely.

EDIT: Several people have opined that because the key could be used unencrypted, it is no longer 2FA.

That is simply absurd.

If you can bring an unencrypted SSH key into existence without compromising two factors, and then use that information to claim that is all that is needed, why not save yourself some work and bring copies of server's files into existence?


All you need to access the server's files is an unencrypted SSH key

is no different than stating

All you need to access the server's files is a ZIP of the server's files.

But how did you get that key/ZIP? You had to compromise multiple factors. (Or there is some backdoor you are adding, like access to the server room.)

It's true that it's not a server-enforceable use of 2FA. In an organizational setting, it's often a requirement for the 2FA to be centrally enforceable. But

  1. That's not the question.

  2. Server-enforcement is never the final word of a security system anyway.

    1. If a door requires a physical key and keypad PIN, that door is "enforcing" 2FA as much as anyone can. But when you print the PIN on all the keys, you have a 1FA system.

    2. Likewise you can increase the factors. A password-protected laptop behind a door with a physical key is 2FA, despite the fact that there isn't a single component enforcing both factors. You could remove the laptop from the room and reduce security to 1FA, though until actually you do that, there is a 2FA system.

EDIT2: This answer also explains why the common practice of a separate password-protected encryption key -- which is what an SSH key is -- is two factors: the key (something you have) and the password (something you know). Someone must obtain both to produce a bare encryption key needed for data access.

No. Other answers are pretty close, but miss important factor.

I won't repeat in detail what other say, just summarize that for SSH key+password to be multi-factor in your case, it would have to be "something you know" + "something you possess".

What I would argue is if you need only knowledge to effectively replicate "something you have" (so nobody can tell which is original and which is copy), then it is not "something you have" but "something you know" instead.

For example, if I can't remember my password and have written it on a piece of paper, it doesn't stop being "something I know" and become "something I have". It is still just password (even if hard-to-remember), and once someone learns it, they can impersonate me any time they want without me knowing. It is the same with SSH private key. It is just data, and data is by definition "something you (could) know (and effortlessly make an exact and indistinguishable copy of)".

The main feature for something to be "something I have" is how hard it is to copy by unathorized third party, as the main feature of effective "something I have" is that the only realistic way the attacker can have it is if I don't have it anymore (as I'm bound to notice I'm missing it).

Of course, there are many many grey areas, as mentioned in some posts. CHIP bank cards would be "something I have" today, as it is not possible (without a lot of effort, people and money) to make a authentic working duplicate. However Bank card authorized only by magstripe, which any cashier can make a copy of with $25 equipment and $1 of materials is no longer effective "something I have".

Also, as technology progresses, definitions change. Once upon a time, MD4 was cryptohash. Nowadays it is most definitely NOT - it is just a hash, no better at being a cryptohash than simple Checksum.

So, "SSH private key + passphrase" actually fails at being two-factor authentication method on two fronts:

  1. SSH private key is just information and not physical object, so it is by definition "something you know" and not "something you have".
  2. if some authentication factor is totally ineffective at making it harder for attacker to succeed in authentication, can it still be called an authentication factor? If your server enforces 1-character-maximum password length and no limit on number of tries, is it still authentication factor? In strict theory, it might be, but in practice it is just security theater.

Note that this does not mean that ssh private key + passphrase is bad: it is much better than plain password, or unprotected private key. But it is not 2-factor.

But if you want extra security provided by two-factor authentication in ssh, you can setup 2-factor authentication in ssh, preferably in addition to having it's private key protected with passphrase.