Openssh + challenge-response
Lourens Bordewijk
bordewijk at fox-it.com
Thu Mar 28 19:55:49 EST 2002
Hello,
I was searching the internet for an challenge-response system to
authenticate an Openssh session with an hardware token. Now i found this,
its very old, so i want to now how's the situation today. I couldn't find
much documentation.
Re: SSH with SecureID
> Is there any documentation I'm missing on how to integrate the two?
> We'd love to go with 2-factor authentication, but we want to make
> sure our traffic remains encrypted. Any solutions? >
>We are doing exactly such thing. I did not want to make mistake of most
challenge responce systems which run in clear-text on insecure solaris
machines (god knows I seen many of
> those). We are using Cryptocard from <http://www.cryptocard.com> -- the
challenge response system is working over ssh using TIS Authentication. All
windows people have to use
>SecureCRT since F-Secure windows client does not do TIS. Unix does it by
default (just -o 'TISAuthenticaion yes'). So you get: 63-jkb(nautilus)% ssh
proxy Challenge: 05293424
>Enter Response: We are running the system on FreeBSD and use radius -- so
sshd in fact becomes radius client when it needs to authenticate. So far
everything seem to work just
>great. Feel free to ask me in private if you need more details/info.
Thanks,
I read that it worked with openssh (that there are patches for it), If it's
posible , what's the safest hardware token that i can/should i use?
Activcard One? Cryptocard ? Is there a document that explains exactly the
situation i want to use or how i can implement it ?
Thanx in advance,
Lourens bordewijk
More information about the openssh-unix-dev
mailing list