[lug] Attacks Intensifying

Lee Woodworth blug-mail at duboulder.com
Thu Oct 28 15:12:58 MDT 2004


I haven't looked for OTP funcionality with openssh. I recall seeing 
settings related to s/key for sshd. I don't know if that can be 
configured as an additional authentication requirement (e.g. in addition 
to a public key).

Jani Averbach wrote:
> On 2004-10-28 13:06-0600, Lee Woodworth wrote:
> 
>>Unless you have the requirement that users can SSH from anywhere, 
>>blocking attackers is opposite of recommended security policy:
>>   specifically allow known sources, deny all others.
>>
>>My file exchange server requires users to have keys, no passwords 
>>allowed. It looks to me that the time I spent setting up user keys and 
>>allowing their addresses is less than the time you are going to spend on 
>>blocking attackers.
>>
> 
> 
> Well, I need an access from everywhere and morever, time to time, I
> have to use one time passwords.
> 
> So do you know if it is possible to make a system where entry level
> check is done with public keys, and after that actual access is granted by
> OTPW? 
> 
> Br, Jani
> 




More information about the LUG mailing list