[PATCH] Out-of-band challenge (OBC) authentication method
paul
pgsery at swcp.com
Wed Feb 6 16:47:08 EST 2008
This patch (https://bugzilla.mindrot.org/show_bug.cgi?id=1438) creates a
kbdint device that provides a server-based authentication mechanism. The
server generates and emails you a random string when you attempt to
login. You're authenticated if you can correctly answer the challenge.
You can use a regular email account, a pager, cell phone or other email
capable device to receive the challenge. However, by using a physical
device you can receive a one-time authentication secret isolated from
your workstation.
OBC can be used in conjunction with the "Multiauth" patch
(https://bugzilla.mindrot.org/show_bug.cgi?id=1435), to create a
two-factor authentication system; Multiauth allows you to require two or
more authentications for a successful login. Combining OBC with
Multiauth creates two physically separate authentication factors
equivalent to a commercial two-factor token. For instance, requiring
public key and OBC authentications creates physically separate factors.
See README.obc for configuration and installation information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-4.7p1-kbdint-obc.patch
Type: text/x-patch
Size: 32846 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080205/06b9d576/attachment-0001.bin
More information about the openssh-unix-dev
mailing list