From owner-freebsd-security Tue Jun 2 09:18:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA22252 for freebsd-security-outgoing; Tue, 2 Jun 1998 09:18:05 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from antipodes.cdrom.com (castles327.castles.com [208.214.167.27]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA22224 for ; Tue, 2 Jun 1998 09:17:53 -0700 (PDT) (envelope-from mike@antipodes.cdrom.com) Received: from antipodes.cdrom.com (localhost [127.0.0.1]) by antipodes.cdrom.com (8.8.8/8.8.5) with ESMTP id IAA00439; Tue, 2 Jun 1998 08:13:32 -0700 (PDT) Message-Id: <199806021513.IAA00439@antipodes.cdrom.com> X-Mailer: exmh version 2.0zeta 7/24/97 To: Roger Marquis cc: freebsd-security@FreeBSD.ORG Subject: Re: SSH + s/key (was: Re: MD5 v. DES) In-reply-to: Your message of "Mon, 01 Jun 1998 21:18:55 PDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 02 Jun 1998 08:13:31 -0700 From: Mike Smith Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Tue, 2 Jun 1998, Eivind Eklund wrote: > > The SSH-1 protocol doesn't make it possible to use s/key for one-time > > passwords, at least. There is no provision for showing a challenge to > > the user. > > Partly true. You can accomplish the same goal by creating an "skey" user > account with no password and skeysh as the shell. "ssh -l > skey" will establish an encrypted connection, log into the skey account > and ask for a username before displaying the skey sequence number and > password prompt. Except that logging in is only one of the things that you do with a username/password pair. How does this help, eg. FTP? -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message