Date: Thu, 24 Sep 1998 12:37:27 -0700 (PDT) From: Bill Paul <wpaul> To: nate@mt.sri.com (Nate Williams) Cc: committers@FreeBSD.org, mark@grondar.za, jlemon@americantv.com Subject: Re: Security and other facilities at WC CDROM - the plan. Message-ID: <199809241937.MAA29000@hub.freebsd.org> In-Reply-To: <199809241926.NAA00745@mt.sri.com> from Nate Williams at "Sep 24, 98 01:26:03 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > The password you type will suddenly stop working unless you > > > > a) set up your account at WC to accept no-password logins OR > > > > b) work with us to get your password registered with kerberos. > > > > > > What about folks who are using OS's at times that don't do SSH (ie; > > > Win32)? They also don't have a kerberized telnet available. :( > > > > Try the CRT client for windows. They have an SSH version out, and > > (IIRC) the license fee is reasonable ($20, or so). > > But sometimes I'm places where I don't have access to the SSH version > (read, business trips where I don't have my box with me). > > > If you are doing "telnet" from a winlose box, you're going to have to > > replace the native telnet client anyways, or slowly lose your sanity. > > Agreed, but *free* is a much better price than $20, especially when I > don't have the $20 version many times. > > Basically, what I'm asking is there a *secure* way of allowing logins > over the net besides ssh/kerberized-telnet? One way that springs to mind is to use s/key. You print out a bunch of one-time keys before you leave for your trip, then stuff the paper in your wallet. Then you can use telnet, but you'll be using your one-time passwords to log in, so password sniffing isn't a problem. (You won't have encryption though, so if you have to type in some other password while you're logged in, there could still be trouble.) Of course, one limitation is that if you use up all your one time passwords before you return home, you'll be stuck unless you can find an s/key key generator program somewhere. And somebody could steal your wallet and your password sheet. :) -Bill
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809241937.MAA29000>