[Bug 1438] New: Adds an out-of-band challenge (OBC) authentication method ( via kbdint)

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Feb 6 16:39:51 EST 2008


           Summary: Adds an out-of-band challenge (OBC) authentication
                    method (via kbdint)
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Keywords: patch
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: pgsery at swcp.com

Created an attachment (id=1452)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1452)
Adds an out-of-band challenge (obc) device to kbdint

The out-of-band challenge (OBC) patch creates a kbdint device that
provides a server-based authentication mechanism. The server generates
and emails you a random string when you attempt to login. You're
authenticated if you can correctly answer the challenge.

You can use a regular email account, a pager, cell phone or other email
capable device to receive the challenge. However, by using a physical
device you create a one-time authentication secret completely separate
from your workstation.

OBC can be used in conjunction with the "Multiauth" patch
(https://bugzilla.mindrot.org/show_bug.cgi?id=1435), which allows you
to require two or more authentications for a successful login.
Combining OBC with Multiauth creates two physically separate
authentication factors equivalent to a commercial two-factor token. For
instance, requiring public key and OBC authentications creates
physically separate factors.

See README.obc for configuration and installation information

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list