[clug] secure remote access method
Ian Munsie
darkstarsword at gmail.com
Mon Jun 22 01:11:18 GMT 2009
> Further, even if you are *lucky* enough to be able to use ssh you may not be
> in a position to use public key authentication as you don't control the
> client.
That's why I'm liking the idea of the yubikey. When my key arrives I
want to set up my authentication as ((yubikey One Time Password &&
Password) || RSA) - from my own machines I can always log in
authentication with RSA as I already do, but the one time password
would mitigate the risk logging in from an untrusted machine (not
eliminate - though there is no point in them storing the password,
they could still manipulate the session in progress or feign a
successful logout but really keep the session open for their own evil
purpose). The yubikey just appears as a USB keyboard so you only need
access to a USB port on the client machine to use it, which is
generally only a problem in some very locked down organisations. As
you've pointed out, getting access to SSH is more likely to be a
problem than getting access to a USB port (mostly irrelevant for my
case).
-I
--
http://darkstarshout.blogspot.com/
--
On the day *I* go to work for Microsoft, faint oinking sounds will be
heard from far overhead, the moon will not merely turn blue but
develop polkadots, and hell will freeze over so solid the brimstone
will go superconductive.
-- Eric S. Raymond, 2005
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
More information about the linux
mailing list