Ask HN: Are SSH keys with passphrases considered 2FA?

3 points by h43z a day ago

It could be argued that from the servers perspective only one thing was provided, so it's not 2FA.

Then what about ssh keys AND user/password authentication?

Like this sshd_config

  PasswordAuthentication yes
  PubkeyAuthentication yes
  AuthenticationMethods publickey,password

I guess it boils down to if one thinks ssh keys are something you know or something you have? The passphrase and password is very clearly something I know.

I'd like to hear your thoughts.

theandrewbailey a day ago

If the server login needs a key and password (separate from the password to encrypt your private key), yes that's two factor: the server sees something you know and something you have. I worked on a platform (Salesforce B2C Commerce Cloud) that sometimes used WebDAV with HTTP basic auth and HTTPS client certificates (combined), and that was considered two factor authentication. I don't see how that's totally different from this SSH setup.