On Thu, 4 Dec 2003 09:42, Bernd Eckenfels <[EMAIL PROTECTED]> wrote:
> On Wed, Dec 03, 2003 at 10:34:13AM +0100, Artur R. Czechowski wrote:
> > What about RSA tokens? This solution does not require any special
> > hardware to connect on the client side.
>
> This also means it does not provide any additional security, besides the
> costs.

What makes you think that? Such a token uses a cryptographically secure algorithm to generate a new number every minute (or other reasonably small time period). If you don't have the token then you don't have one half of what is necessary to authenticate yourself and can't log in.

Some tokens just display a number, some require that some sort of pass (either a password or a code obtained from the server) be entered into the device and the resulting number be returned to the server. However, ssh doesn't support custom prompts from the server, so the best we could do is to take a code from the device and append it to a password to send to the server.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
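
The "code appended to the password" scheme from the reply above, as an added example that is not part of the original post: the server splits the single password-field string into password and token code and requires both. RFC 6238 TOTP stands in for the token's own algorithm; the 60-second step, 6-digit code length, account record layout and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code; the post says "every minute" (assumed value)
DIGITS = 6   # assumed length of the code shown on the token

def totp(seed: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), standing in for the token's own algorithm."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify(response: str, user: dict, now: float, drift: int = 1) -> bool:
    """Check one 'password + token code' string sent in the password field."""
    code = response[-DIGITS:]
    if len(response) <= DIGITS or not (code.isascii() and code.isdigit()):
        return False
    password = response[:-DIGITS]
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    # Accept the current time step and `drift` steps either side (clock skew),
    # but never a step at or before the last accepted one (blocks replay).
    matched = None
    current = int(now) // STEP
    for step_no in range(current - drift, current + drift + 1):
        expected = totp(user["seed"], step_no * STEP)
        if step_no > user["last_step"] and hmac.compare_digest(expected, code):
            matched = step_no
    if pw_ok and matched is not None:
        user["last_step"] = matched
        return True
    return False

# Constructed sample account: seed, salt and password are made up.
SALT = b"constructed-salt"
USER = {"seed": b"constructed-token-seed", "salt": SALT,
        "pw_hash": hash_password("hunter2", SALT), "last_step": -1}
```

Both factors are evaluated before the result is returned, so a failed login does not reveal which half was wrong.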