Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: per user authentication types?

from [Josh Grosse] Network Security [Permanent Link]
Subject: Re: per user authentication types?
Date: Fri, 7 Apr 2006 11:06:09 -0400 
If your OS supports S/Key, you might find that a useful option.  S/Key
authentication uses one-time-use passwords; much safer than general use
password protection.  You (and any others who need it) can keep a collection
of S/Key passphrases in a wallet, and use them even with public-access
PCs in internet cafes or libraries -- notorious for having keyboard capture
virii and other ills.

To support S/Key -- if the OS allows it -- one merely needs 

        ChallengeResponseAuthentication yes

in sshd_config.

I use OpenBSD.  In that environement, to use S/Key, I merely connect with 
"<user>:skey" as the login userid to enable the challenge and response.  I 
get a prompt that shows me which passphrase to use from my list of passphrases. 

If I don't use the "...:skey" login 'style' then the only other allowable
authentication is RSA public key.  

When using S/Key, I just need to ensure no one else can read the passphrase 
list when I remove it from my wallet. :)
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OpenSSH and VPN, Matt P
Next by Date:  Re: No username prompt SSHD, Patrick Morris
Previous by Thread:  per user authentication types?, ssh
Next by Thread:  Re: per user authentication types?, Darren Tucker
Indexes:  [Date] [Thread] [Top] [All Lists]