> So I'm not quite sure how to 'fix' this problem. By that I mean, even if > we knew this attack was going to happen I'm not totally sure of a feasible > solution, using only free software, that we could have used to fix it. > Obviously a physical rsa key or the like would have worked but I don't > think we have the manpower nor budget to implement such a system. So I > ask the list, any ideas? A single use random code/passwd mailed/texted each time one tries to login and invalidated just after use?? Basically I am referring to RFC 2289[1] [1]http://www.ietf.org/rfc/rfc2289.txt Thanks. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from: Calcutta WB India. _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
