On Thu, Dec 04, 2003 at 10:18:44AM +1100, Russell Coker wrote:
> > > What about RSA tokens? This solution does not require any special
> > > hardware to connect on the client side.
> > This also means it does not provide any additional security, besides the
> > costs.
> What makes you think that?

Well, I was talking about the "no special hardware" part. If you talk about hardware tokens, yes, you are right. As I said before, SecurID is most likely the worst solution you can use in an open project. (I assumed you meant RSA soft tokens.)

> the resulting number be returned to the server. However ssh doesn't support
> custom prompts from the server, so the best we could do is to take a code
> from the device and append it to a password to send to the server.

I think there is ACE support in SSHd, working with a timed challenge. OpenSSH with protocol 2 supports challenge-response authentication like opie/skey, which can also be used for X9.9 DES cards, I guess. At least my FreeBSD router annoys me with such a server-generated login challenge.

Greetings
Bernd
--
  (OO)     -- [EMAIL PROTECTED] --
 ( .. )    [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush* 2048/93600EFD [EMAIL PROTECTED] +497257930613 BE5-RIPE
(O____O)   When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!