two-factor authentication question

Hello,

I was wondering if someone could clarify something for me..

I am currently login to my server using SSH key authentication with an additional password on top.

Could someone please tell me if this method is as secure as using a two-factor authentication?

Which of the two is more secure and which application is best suited for the job?

Thank you
Fred
 
Two-factor authentication means that you are using 2 different methods to authenticate yourself. In a sense, using a preshared key with a passphrase is a sort of two-factor authentication. Your key being the one and the passphrase the other.

There are other commercial, some provide limited free service, that combine a user/pass with a mobile phone app as the second form of authentication.
 
I am (very) far to be an expert but it seems that duo security is able to use certificate authentication. I just looked into this one in the past but never went as far as using it. I imagine that other providers can do the same as well.

--- Edit ---

I forgot to mention the related port : security/duo
 
Have a look at the security/pam-google-authenticator port that works with Google Authenticator, which is available on the various smartphone platforms. If someone stole your private key and your password, they would still need the time-sensitive code to log in. You might decide that key plus code is secure enough for you. Let me caveat my suggestion by saying that while it has been on my task list for a while, I'm yet to configure this myself.
 
I am (very) far to be an expert but it seems that duo security is able to use certificate authentication. I just looked into this one in the past but never went as far as using it. I imagine that other providers can do the same as well.

--- Edit ---

I forgot to mention the related port : security/duo

Really? I am using DUO security for a VPN server but I had never checked if they provide the same feature for ssh authentication using public/private key authentication. I will definitely check this out.
 
Back
Top