Re: 2way authentication for SSH?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 01/30/2013 08:40 AM, Nux! wrote:
> On 28.01.2013 13:07, SilverTip257 wrote:
>> Google Auth
>> http://www.noktec.be/archives/1351
>> http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secures-linux-logins-392
>> http://prasys.info/2012/10/two-way-authentication-for-wordpress/
> How can one be concerned with security AND put his login at the mercy
> of google (or any other 3rd party)??

It depends on what the 3rd party is doing.  In the case of PKI, the 3rd 
party is providing an attestation service.  This is normally good, and 
presents little risk to the user(s).  Exposure to tracking usage would 
be if OCSP (online cert checking, I suspect I got the wrong letters 
here) is used.

In the case of federated password identities and things like SAML and 
JSON, security CAN be good, but tracking is high.

Disclaimer:  I am in the 3rd party authentication business.  I am 
involved with Verizon's UIS (do a Google search on it :) ) and PKI.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux