[PATCH] Out-of-band challenge (OBC) authentication method

paul pgsery at swcp.com
Wed Feb 6 16:47:08 EST 2008


This patch (https://bugzilla.mindrot.org/show_bug.cgi?id=1438) creates a 
kbdint device that provides a server-based authentication mechanism. The 
server generates and emails you a random string when you attempt to 
log in. You're authenticated if you can correctly answer the challenge.

You can use a regular email account, a pager, cell phone or other 
email-capable device to receive the challenge. However, by using a physical 
device you can receive a one-time authentication secret isolated from 
your workstation.

OBC can be used in conjunction with the "Multiauth" patch 
(https://bugzilla.mindrot.org/show_bug.cgi?id=1435) to create a 
two-factor authentication system; Multiauth allows you to require two or 
more authentications for a successful login. Combining OBC with 
Multiauth creates two physically separate authentication factors 
equivalent to a commercial two-factor token. For instance, requiring 
public key and OBC authentications creates physically separate factors.

See README.obc for configuration and installation information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-4.7p1-kbdint-obc.patch
Type: text/x-patch
Size: 32846 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080205/06b9d576/attachment-0001.bin 
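
The server side of the challenge flow described in the message above, as an added example (not code from the OBC patch or from OpenSSH). The function names, challenge length, lifetime and guess limit are assumptions, and email delivery is left out; the point is that the secret comes from a CSPRNG, expires, is single-use, and is compared without an early exit.

```c
/* Added illustration, not code from the OBC patch; all names and limits are assumed. */
#include <stdio.h>
#include <string.h>
#include <time.h>
#define OBC_LEN 8        /* challenge length (assumed) */
#define OBC_TTL 120      /* lifetime in seconds (assumed) */
#define OBC_MAX_TRIES 3  /* guesses allowed per challenge (assumed) */

struct obc_state {
    char secret[OBC_LEN + 1];
    time_t issued;
    int tries, live;     /* live: 1 until consumed, expired or locked out */
};

/* Draw the challenge from the kernel CSPRNG. Returns 0 on success, -1 on failure. */
int obc_issue(struct obc_state *st, time_t now)
{
    static const char alphabet[] = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; /* 32 symbols */
    unsigned char raw[OBC_LEN];
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(raw, 1, sizeof(raw), f) : 0;
    if (f)
        fclose(f);
    memset(st, 0, sizeof(*st));
    if (got != sizeof(raw))
        return -1;       /* fail closed: no challenge without entropy */
    for (int i = 0; i < OBC_LEN; i++)
        st->secret[i] = alphabet[raw[i] & 31];  /* 32 divides 256: no modulo bias */
    st->issued = now;
    st->live = 1;
    return 0;
}

/* Returns 1 only for a correct, unexpired, first-use answer within the guess limit. */
int obc_verify(struct obc_state *st, const char *answer, time_t now)
{
    size_t n = strlen(answer);
    unsigned char diff = (n != OBC_LEN);
    if (!st->live || now - st->issued > OBC_TTL || ++st->tries > OBC_MAX_TRIES) {
        st->live = 0;
        return 0;
    }
    for (size_t i = 0; i < OBC_LEN; i++)        /* no early exit on first mismatch */
        diff |= (unsigned char)(st->secret[i] ^ (i < n ? answer[i] : 0));
    if (diff == 0)
        st->live = 0;    /* one-time secret: burn on success */
    return diff == 0;
}
```

With a 32-symbol alphabet and 8 characters the challenge carries 40 bits, so the guess limit and lifetime, not the length alone, are what keep online guessing impractical.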

