# two-factor authentication question



## fred974 (Apr 3, 2015)

Hello,

I was wondering if someone could clarify something for me.

I am currently logging in to my server using SSH key authentication with an additional password on top.

Could someone please tell me if this method is as secure as using a two-factor authentication?

Which of the two is more secure and which application is best suited for the job?

Thank you
Fred


----------



## gkontos (Apr 3, 2015)

Two-factor authentication means that you are using 2 different methods to authenticate yourself. In a sense, using a preshared key with a passphrase is a sort of two-factor authentication. Your key being the one and the passphrase the other.

There are other commercial services, some of which provide a limited free service, that combine a user/pass with a mobile phone app as the second form of authentication.


----------



## fred974 (Apr 3, 2015)

Is the level of security the same in both methods?


----------



## gkontos (Apr 3, 2015)

fred974 said:


> Is the level of security the same in both methods?



I would not use it for ssh access because I am not sure if they support public/private key authentication.


----------



## hukadan (Apr 3, 2015)

I am (*very*) far from being an expert but it seems that Duo Security is able to use certificate authentication. I just looked into this one in the past but never went as far as using it. I imagine that other providers can do the same as well.

--- Edit ---

I forgot to mention the related port: security/duo


----------



## asteriskRoss (Apr 3, 2015)

Have a look at the security/pam-google-authenticator port that works with Google Authenticator, which is available on the various smartphone platforms.  If someone stole your private key and your password, they would still need the time-sensitive code to log in.  You might decide that key plus code is secure enough for you.  Let me caveat my suggestion by saying that while it has been on my task list for a while, I'm yet to configure this myself.


----------



## gkontos (Apr 3, 2015)

hukadan said:


> I am (*very*) far from being an expert but it seems that Duo Security is able to use certificate authentication. I just looked into this one in the past but never went as far as using it. I imagine that other providers can do the same as well.
> 
> --- Edit ---
> 
> I forgot to mention the related port: security/duo



Really? I am using DUO security for a VPN server but I had never checked if they provide the same feature for ssh authentication using public/private key authentication. I will definitely check this out.


----------

