[Security Announce] MDKSA-2002:040 - openssh update (fwd)

error error at sonic.net
Wed Jun 26 16:08:12 PDT 2002


> It's used to enable things like s/key authentication, which is pretty
> unusual to have turned on.  (it requires a small piece of hardware that the
> user has to have with them to be able to log in;


s/key is actually not that uncommon, it just depends on why you
shouldn't run it.

I personally like s/key a lot, but I think its a pain in the ass to
carry around a card with me all the time.

You do not need to have a piece of hardware (although the rsa id's I
have seen are hardware). Pete Shipley (of dis.org fame) showed me his
s/key setup and its great.

He had a paper card with 100 phrases on it and the ssh server challenged
for a certain key that corresponded to the card and the last key used on
the card.

I think s/key is the only way to have a secure login system but for all
intents and purposes it isn't used by most geeks.

I think the reason that I don't run s/key on any of my servers is
because at the moment, is because I don't have a printer handy to print
out the cards.

ha.


-- 

Jake

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/GL/GP/GSS d++(dx) s+++:- a? c++++(+++) UBL++++(+++) P++ L+++ E-
W++(+++) N++ o+ K !w O- M++ V- PS+++(++) PE Y++ PGP++ t 5++ X+ R- TV-- 
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about:
http://www.geekcode.com/geek.html



More information about the talk mailing list