Re: add keys and certificate to forwarded agent on remote host

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Why not just use Yubikeys ?  SSH keys (at least the RSA type, the SSH's developers failure to adopt other supported key types after many years is something of an un-necessary frustration to the greater SSH community).

So issue your users with Yubikeys.  You can enforce the Yubikey so it requires the user to enter a PIN *and* touch the Yubikey.  This means there's an incredibly high degree of confidence that it was the user who performed the actiion (i.e. two-factor authentication of physical Yubikey and PIN, plus anti-keylogger because of the mandatory touching of the Yubikey).

You can use Yubikeys with ssh-add too, if you want.  Or you can just use it for ad-hoc individual logins.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux