[PATCH] Out-of-band challenge (OBC) authentication method
Paul Sery
pgsery at swcp.com
Thu Feb 7 16:20:33 EST 2008
On Wed, 6 Feb 2008, Ben Lindstrom wrote:
>
> To take this a step farther wouldn't it be better to build this more like
> the "ProxyCommand". I'm not thrilled with the idea that we start adding
> massive amount of authentication methods that are used by a dozen people.
> I'd rather see someone invest the time in a good external proxy method for
> adding in custom authentications (Even at that, I dislike it from a
> security view since it makes it easier to compromise the daemon).
>
I chose this implementation because I thought kbdint was designed for
adding new auth methods. I understand not wanting to add new features,
especially ones likely to remain unused. However, this method should prove
popular if it delivers reliable, server-based two-factor authentication.
The server-based model allows any organization or individual the ability
to provide and use two-factor authentication.
> Also, email isn't very reliable and timely transmission of information.
> Even worse if you are sending it to an SMS gateway.
>
But is email (I'm unfamiliar with SMS particulars) reliable enough for
this purpose? My personal experience says yes.