From owner-freebsd-security  Mon Jun  1 21:19:27 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA02975
          for freebsd-security-outgoing; Mon, 1 Jun 1998 21:19:27 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from roble.com (roble.com [207.5.40.50])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA02929
          for <freebsd-security@freebsd.org>; Mon, 1 Jun 1998 21:18:58 -0700 (PDT)
          (envelope-from sendmail@roble.com)
Received: from localhost (localhost [127.0.0.1]) by roble.com (Roble) with SMTP id VAA14408 for <freebsd-security@freebsd.org>; Mon, 1 Jun 1998 21:18:56 -0700 (PDT)
Date: Mon, 1 Jun 1998 21:18:55 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@FreeBSD.ORG
Subject: SSH + s/key (was: Re: MD5 v. DES)
In-Reply-To: <19980602015132.55099@follo.net>
Message-ID: <Pine.SUN.3.96.980601210938.14212B-100000@roble.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 2 Jun 1998, Eivind Eklund wrote:
> The SSH-1 protocol doesn't make it possible to use s/key for one-time
> passwords, at least.  There is no provision for showing a challenge to
> the user.

Partly true.  You can accomplish the same goal by creating an "skey"  user
account with no password and skeysh as the shell.  "ssh <remote_host> -l
skey" will establish an encrypted connection, log into the skey account
and ask for a username before displaying the skey sequence number and
password prompt.

Roger Marquis
Roble Systems Consulting
http://www.roble.com/consulting


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message