From owner-freebsd-questions@FreeBSD.ORG  Fri Sep 12 00:26:03 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A976D961
 for <freebsd-questions@freebsd.org>; Fri, 12 Sep 2014 00:26:03 +0000 (UTC)
Received: from feeder.usenet4all.se (1-1-1-38a.far.sth.bostream.se
 [82.182.32.53])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 13E0CB3E
 for <freebsd-questions@freebsd.org>; Fri, 12 Sep 2014 00:26:01 +0000 (UTC)
Received: from kw.news4all.se (localhost [127.0.0.1])
 by feeder.usenet4all.se (8.13.1/8.13.1) with ESMTP id s8C0MUYl057649;
 Fri, 12 Sep 2014 02:22:30 +0200 (CEST)
 (envelope-from bah@bananmonarki.se)
Message-ID: <54123CC6.10207@bananmonarki.se>
Date: Fri, 12 Sep 2014 02:22:30 +0200
From: Bernt Hansson <bah@bananmonarki.se>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: John Case <case@SDF.ORG>, freebsd-questions@freebsd.org
Subject: Re: comparing SSH key and passphrase auth vs. an SSH key *with* a
 passphrase ...
References: <Pine.NEB.4.64.1409112200270.27915@faeroes.freeshell.org>
In-Reply-To: <Pine.NEB.4.64.1409112200270.27915@faeroes.freeshell.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Sep 2014 00:26:03 -0000

On 2014-09-12 00:04, John Case wrote:
>
> Hi,
>
> I've always used SSH with simply a password.  This has always worked
> fine for me.
>
> Lately, I've been thinking that I might like to increase my security by
> using *both* a UNIX password and an SSH key.  That is, I can't log in
> unless I have my password and my key.  However, it doesn't look like SSH
> supports this - either you do unix password OR you do SSH key, it
> doesn't look like there is any way to do both.
>
> However, what I could do is only use an SSH key, but set a passphrase on
> that key.  The only difference here is that my safety is all bound up in
> SSH, whereas before it was distributed between SSH and the OS.
>
> So I'm curious...
>
> What's the difference between using a UNIX password combined with an SSH
> key (if that actually worked, which it doesn't) and using an SSH key
> with a passphrase attached ?  Is one of these better than the other ?
> Are they the same ?
>
> What's the difference ?

Check out the handbook
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssh.html