[PATCH] one-time ssh-agent confirmation password

paul sery pgsery at swcp.com
Thu Nov 22 16:59:46 EST 2007


The patch (against 4.7p1) modifies gnome-ssh-askpass to optionally 
generate a one-time
password and transmits it to the user via an out-of-band communication 
channel. If you can
read the password and enter it back into the gnome-ssh-askpass dialog, 
ssh-agent is allowed
to continue with the authentication process.

There are two ways to use the modified gnome-ssh-askpass. The first 
incrementally increases
the security provided by the traditional ssh-agent/gnome-ssh-askpass 
combination. The second
allows you to create two fully separated authentication factors - the 
private key and one-time
password - without using a specialized hardware token. Both are 
described in the attached
README.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnome-ssh-askpass2.c.patch
Type: text/x-patch
Size: 3886 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20071121/58c326ea/attachment.bin 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: README
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20071121/58c326ea/attachment.ksh 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ssh-otac-fifo
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20071121/58c326ea/attachment-0001.ksh 


More information about the openssh-unix-dev mailing list