[Bug 1393] patch modifies gnome-ssh-askpass to optionally use one-time password
bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 22 09:26:47 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1393
Paul Sery <pgsery at swcp.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pgsery at swcp.com
--- Comment #6 from Paul Sery <pgsery at swcp.com> 2008-01-22 09:26:45 ---
(In reply to comment #5)
> What is the threat model that this is intended to defend against? It
> looks like it is supposed to stop someone who has gained access to my
> agent socket and can also answer the askpass confirm dialog. Is this
> correct?
Yes. It's also designed to protect against a lost or stolen private key
by creating a second authentication factor isolated from the ssh
client. You first authenticate to the server using your key. The server
then e-mails you a random password via an out-of-band channel. You're
fully authenticated if you can correctly answer the challenge.
> BTW all the links at http://www.swcp.com/~pgsery return "forbidden"
> errors.
Fixed.