[Bug 1393] patch modifies gnome-ssh-askpass to optionally use one-time password

bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 22 09:26:47 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1393


Paul Sery <pgsery at swcp.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pgsery at swcp.com




--- Comment #6 from Paul Sery <pgsery at swcp.com>  2008-01-22 09:26:45 ---
(In reply to comment #5)
> What is the threat model that this is intended to defend against? It
> looks like it is supposed to stop someone who has gained access to my
> agent socket and can also answer the askpass confirm dialog. Is this
> correct?

Yes. It's also designed to protect against a lost or stolen private key
by creating a second authentication factor isolated from the ssh
client. You first authenticate to the server using your key. The server
then e-mails you a random password via an out-of-band channel. You're
fully authenticated if you can correctly answer the challenge.

> BTW all the links at http://www.swcp.com/~pgsery return "forbidden"
> errors.

Fixed.
