From owner-freebsd-security@FreeBSD.ORG  Mon Feb  9 22:20:29 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 23EB01065692
	for <freebsd-security@freebsd.org>;
	Mon,  9 Feb 2009 22:20:29 +0000 (UTC)
	(envelope-from freebsd-security@dfmm.org)
Received: from dfmm.org (treehorn.dfmm.org [66.180.195.213])
	by mx1.freebsd.org (Postfix) with ESMTP id E2B4B8FC14
	for <freebsd-security@freebsd.org>;
	Mon,  9 Feb 2009 22:20:28 +0000 (UTC)
	(envelope-from freebsd-security@dfmm.org)
Received: (qmail 44284 invoked by uid 1000); 9 Feb 2009 21:53:47 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
	by localhost with SMTP; 9 Feb 2009 21:53:47 -0000
Date: Mon, 9 Feb 2009 13:53:47 -0800 (PST)
From: Jason Stone <freebsd-security@dfmm.org>
X-X-Sender: jason@treehorn.dfmm.org
To: Lyndon Nerenberg <lyndon@orthanc.ca>
In-Reply-To: <alpine.BSF.2.00.0902091246280.61088@mm.orthanc.ca>
Message-ID: <20090209134738.G15166@treehorn.dfmm.org>
References: <200902090957.27318.mail@maxlor.com>
	<20090209170550.GA60223@hobbes.ustdmz.roe.ch>
	<alpine.BSF.2.00.0902091246280.61088@mm.orthanc.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-security@freebsd.org, Daniel Roethlisberger <daniel@roe.ch>
Subject: Re: OPIE considered insecure
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Feb 2009 22:20:29 -0000


>> I also prefer current OPIE to copying SSH private keys to untrusted 
>> machines.

> The machine you are logging IN TO does not require your private key, 
> just your public key.

Right, but that's not the problem they're trying to solve.  They're trying 
to solve the problem of logging in _from_ an untrusted machine, to a 
trusted machine.

So, an alternative might be to carry around a USB key with a one-time 
private key, different from your normal private keys, and have the public 
key command-squashed on the server to remove itself from authorized_keys 
before running the shell.

You could generate several, each with a different passphrase (assuming 
that you could manage to remember that many passphrases and which keys 
they go with), and get a similar effect to printing out a card with the 
next ten OPIE passwords.


   -Jason