Intrusion Update
susmit shannigrahi
thinklinux.ssh at gmail.com
Mon Mar 30 15:01:31 UTC 2009
> So I'm not quite sure how to 'fix' this problem. By that I mean, even if
> we knew this attack was going to happen I'm not totally sure of a feasible
> solution, using only free software, that we could have used to fix it.
> Obviously a physical rsa key or the like would have worked but I don't
> think we have the manpower nor budget to implement such a system. So I
> ask the list, any ideas?
A single use random code/passwd mailed/texted each time one tries to
login and invalidated just after use??
Basically I am referring to RFC 2289[1]
[1]http://www.ietf.org/rfc/rfc2289.txt
Thanks.
--
Regards,
Susmit.
=============================================
ssh
0x86DD170A
http://www.fedoraproject.org/wiki/user:susmit
=============================================
Sent from: Calcutta WB India.
More information about the Fedora-infrastructure-list
mailing list