From owner-freebsd-security Tue Jun 2 05:21:30 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA13957 for freebsd-security-outgoing; Tue, 2 Jun 1998 05:21:30 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA13915 for ; Tue, 2 Jun 1998 05:21:24 -0700 (PDT) (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.8.7/8.8.7) with ESMTP id MAA07876; Tue, 2 Jun 1998 12:20:58 GMT
Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id OAA23795; Tue, 2 Jun 1998 14:20:38 +0200 (MET DST)
Message-ID: <19980602142038.43482@follo.net>
Date: Tue, 2 Jun 1998 14:20:38 +0200
From: Eivind Eklund
To: Roger Marquis , freebsd-security@FreeBSD.ORG
Subject: Re: SSH + s/key (was: Re: MD5 v. DES)
References: <19980602015132.55099@follo.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: ; from Roger Marquis on Mon, Jun 01, 1998 at 09:18:55PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Jun 01, 1998 at 09:18:55PM -0700, Roger Marquis wrote:
> On Tue, 2 Jun 1998, Eivind Eklund wrote:
> > The SSH-1 protocol doesn't make it possible to use s/key for one-time
> > passwords, at least. There is no provision for showing a challenge to
> > the user.
>
> Partly true. You can accomplish the same goal by creating an "skey" user
> account with no password and skeysh as the shell. "ssh -l
> skey" will establish an encrypted connection, log into the skey account
> and ask for a username before displaying the skey sequence number and
> password prompt.

Neat trick! However, I believe it still doesn't really solve the
problem, as (I guess) scp etc won't work.

Eivind.