[Security Announce] MDKSA-2002:040 - openssh update (fwd)
error at sonic.net
Wed Jun 26 16:08:12 PDT 2002
> It's used to enable things like s/key authentication, which is pretty
> unusual to have turned on. (it requires a small piece of hardware that the
> user has to have with them to be able to log in;
s/key is actually not that uncommon, it just depends on why you
shouldn't run it.
I personally like s/key a lot, but I think its a pain in the ass to
carry around a card with me all the time.
You do not need to have a piece of hardware (although the rsa id's I
have seen are hardware). Pete Shipley (of dis.org fame) showed me his
s/key setup and its great.
He had a paper card with 100 phrases on it and the ssh server challenged
for a certain key that corresponded to the card and the last key used on
I think s/key is the only way to have a secure login system but for all
intents and purposes it isn't used by most geeks.
I think the reason that I don't run s/key on any of my servers is
because at the moment, is because I don't have a printer handy to print
out the cards.
-----BEGIN GEEK CODE BLOCK-----
GCS/GL/GP/GSS d++(dx) s+++:- a? c++++(+++) UBL++++(+++) P++ L+++ E-
W++(+++) N++ o+ K !w O- M++ V- PS+++(++) PE Y++ PGP++ t 5++ X+ R- TV--
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about:
More information about the talk