[H-GEN] How safe is SSH on the internet?

Christopher Biggs listjunkie at pobox.com
Mon Jun 30 02:16:41 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Jason Parker-Burlingham <jasonp at panix.com> moved upon the face of the 'Net and spake thusly:

> S-key is very likely to be what you want.  After setting it up you get
> a list of passphrases which can be used to log into the machine.
> They're pretty simple ("ONE OCEAN FOREST APPLE DATUM" might be such a
> phrase) but you work your way down the list from the first to last,
> never using the same passphrase twice.  So even if someone does sniff
> the passphrase---unlikely with SSH!---it will not help them at all.

I was thinking of the arrangement where the server gives you a
challenge, which you type into a little keyring widget (or a program
in your palmtop, laptop or trusted desktop box) along with your master
password and it spits back a one-time password for you to use.

--cjb


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/



More information about the General mailing list