View Single Post
  #4   (View Single Post)  
Old 23rd March 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,106
Default

Yes, if a passphrase is selected, then SSH PKA can provide two-factor authentication. But passphrases are optional. Their use must be enforced by policy.

Any system that requres a user to authenticate two different ways -- a) something they have, combined with b) something they know -- are two-factor authentication methods. Other examples: RSA key fobs that provide changing sequences combined with a user PIN. Web applications that require both a client X.509 certificate and a password/passphrase. VPN clients that require workstation certificates combined with a password/passphrase.
Reply With Quote