[kwlug-disc] Tightening up SSH

Andrew Kohlsmith (mailing lists account) aklists at mixdown.ca
Tue Jul 20 10:36:29 EDT 2010


On Tuesday, July 20, 2010 10:32:15 am Adam Glauser wrote:
> > Are there hooks in the ssh protocol (and in Ubuntu) to receive a
> > challenge from the remote and display it to the user, gathering a
> > response and sending it back?
> 
> This seems to be what the YubiKey that Chris mentioned upthread is
> trying to do.  He says there is supposed to be a PAM module available.
> It claims it is better than a one-time pad, and to not require a
> challenge/response, though I haven't had time to figure out how it works
> exactly.

I read about the Yubikey after seeing the link here... it sounds almost 
perfect, but the site says that the key itself does not have any 
challenge/response mechanism.

I understand that the server/client have a challenge/response (server asking 
client for Yubi passphrase, client obtaining it from the key and responding to 
server with it)... I'm gonna dig around some more... I'm liking this.

-A.




More information about the kwlug-disc_kwlug.org mailing list