[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: One-Time passwords..

> Date: Mon, 9 Jun 1997 21:11:13 -0400 (EDT)
> From: Kirk Bauer <kirk@kaybee.org>

> I also have a direct connection between my 2 machines and I can
> use normal telnet then without worry of sniffing.  So here is
> my situtation:
> 1)  Password can't be sniffed:
>    a) SSH
>    b) telnet from my workstation
> 2)  Password can be sniffed:
>    FTP, telnet from anywhere else...
> So, I would like to have 2 passwords.  One for each of the 2 
> situations above.  That would be my first priority.

> How hard is all of this?  I know that PAM makes it *WAY* easier
> than it would have been without it!

Not so hard: use PAM-S/Key one-time passwords for ftp and telnet, and
use MD5 and/or shadow passwords for SSH and other services.  I'd use
SSH even between your workstations: it's arguably easier than telnet
because with ssh-agent you don't need to re-enter your password every
time.  When it's so easy, why not encrypt everything?

I have a PAM-S/Key library you can have: I can't get to our public
server right now, but I'll put it there tomorrow and post the address
to this list.


  Martin Pool, Pharos Business Solutions      <m.pool@pharos.com.au>
  bless my $self = {id => $_[1]}, $_[0];

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []