[lug] onetime login / rotating passwords - avoiding keyboard sniffers

Eric Peers eric_peers at yahoo.com
Wed Apr 23 17:17:51 MDT 2003


Howdy! I'm about to put a webserver on the internet,
but I'm concerned about unauthorized access to it.

I've disabled root access with SSH. I've left telnet
off. I've left ftp off. The box is
up2date-redhat-happy. I'm going to look at SMTP
tonight and make sure it's password authenticated.

what I'm concerned about is logging in from a remote
location. There are occasions where I might be on a
untrusted machine (i.e. at a library or internet
cafe). I would still like to be able to login. But
there might be a sniffer or keyboard logger on the
machine I use. If I use ssh, they still get my
username/password.

Is s-key the login method I'm looking for? We have an
RSA card where I work that generates a unique numeric
sequence that is paired with a login + pin number. The
unique sequence changes every 30 seconds...

 Thanks!
     --eric


__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com



More information about the LUG mailing list