Probably you are used to SSH login authenticated by either private key or password. However, is it possible to use both of them for SSH login?
OpenSSH added support for multiple required authentication in SSH protocol 2 since OpenSSH version 6.2 (released March 2013), using the AuthenticationMethods configuration option. You can specify a list of authentication methods separated by comma in this option, and as a result, the user need to pass all the authentication methods to login to the system via SSH.
To require both public key and password authentication for SSH login, add the following line to /etc/ssh/sshd_config:
In the mean time, you need to make sure that PasswordAuthentication and PasswordAuthentication are set correctly:
PubkeyAuthentication yes PasswordAuthentication yes
Restart ssh after sshd_config is modified:
sudo restart ssh
When logging in, ssh and scp will first perform public key authentication, and then prompt for a password:
> ssh firstname.lastname@example.org Authenticated with partial success. email@example.com's password:
You need then fill in password to complete the login process.
In this way, a user needs to pass both public key authentication and server password when login via SSH.