Date: Tue, 2 Jun 1998 14:20:38 +0200 From: Eivind Eklund <eivind@yes.no> To: Roger Marquis <marquis@roble.com>, freebsd-security@FreeBSD.ORG Subject: Re: SSH + s/key (was: Re: MD5 v. DES) Message-ID: <19980602142038.43482@follo.net> In-Reply-To: <Pine.SUN.3.96.980601210938.14212B-100000@roble.com>; from Roger Marquis on Mon, Jun 01, 1998 at 09:18:55PM -0700 References: <19980602015132.55099@follo.net> <Pine.SUN.3.96.980601210938.14212B-100000@roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 01, 1998 at 09:18:55PM -0700, Roger Marquis wrote: > On Tue, 2 Jun 1998, Eivind Eklund wrote: > > The SSH-1 protocol doesn't make it possible to use s/key for one-time > > passwords, at least. There is no provision for showing a challenge to > > the user. > > Partly true. You can accomplish the same goal by creating an "skey" user > account with no password and skeysh as the shell. "ssh <remote_host> -l > skey" will establish an encrypted connection, log into the skey account > and ask for a username before displaying the skey sequence number and > password prompt. Neat trick! However, I believe it still doesn't really solve the problem, as (I guess) scp etc won't work. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980602142038.43482>