On Mon, 30 Mar 2009, Damian Myerscough wrote: > Hello, > > What about the use of S/Key (one-time passwords) I think it is possible to > deploy SSH with S/Key authentication. I haven't look into it that much but it > could be a possible solution? > If someone had my username, password, and ssh key. How would that prevent them from getting a otp? -Mike > susmit shannigrahi wrote: > > > So I'm not quite sure how to 'fix' this problem. By that I mean, even if > > > we knew this attack was going to happen I'm not totally sure of a feasible > > > solution, using only free software, that we could have used to fix it. > > > Obviously a physical rsa key or the like would have worked but I don't > > > think we have the manpower nor budget to implement such a system. So I > > > ask the list, any ideas? > > > > A single use random code/passwd mailed/texted each time one tries to > > login and invalidated just after use?? > > > > Basically I am referring to RFC 2289[1] > > > > [1]http://www.ietf.org/rfc/rfc2289.txt > > > > Thanks. > > > > -- > Regards, > Damian Myerscough > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
