
List:       secure-shell
Subject:    "Re: draft-ietf-secsh-userauth-01.txt"
From:       "The Filter of daemon () hauki ! clinet ! fi" <daemon () clinet ! fi>
Date:       1997-03-28 23:43:05

-- Begin filtered message --

 From owner-ssh  Fri Mar 28 23:43:04 1997
 Received: (daemon@localhost) by hauki.clinet.fi (8.8.5/8.6.4) id XAA17105 for ssh-outgoing; Fri, 28 Mar 1997 23:43:04 +0200 (EET)
 Received: from xyzzy.plugh.edmonton.ab.ca (uucp@xyzzy.plugh.edmonton.ab.ca [198.161.22.2]) by hauki.clinet.fi (8.8.5/8.6.4) with SMTP id XAA17095 for <ssh@clinet.fi>; Fri, 28 Mar 1997 23:42:56 +0200 (EET)
 Received: (from uucp@localhost) by xyzzy.plugh.edmonton.ab.ca (8.6.12/8.6.9) id OAA14789; Fri, 28 Mar 1997 14:42:34 -0700
 Received: from snouts-gw.obtuse.com(192.168.30.61), claiming to be "snouts.obtuse.com" via SMTP by mailhost.plugh.edmonton.ab.ca, id smtpd14787aaa; Fri Mar 28 14:42:26 1997
 Received: (from beck@localhost) by snouts.obtuse.com (8.7.5/8.7.3) id OAA06201; Fri, 28 Mar 1997 14:42:28 -0700
 From: Bob Beck <beck@obtuse.com>
 Message-Id: <199703282142.OAA06201@snouts.obtuse.com>
 Subject: Re: draft-ietf-secsh-userauth-01.txt
 To: tot@Trema.COM (Teemu Torma)
 Date: Fri, 28 Mar 1997 14:42:25 -0700 (MST)
 Cc: perry@piermont.com, pjnesser@martigny.ai.mit.edu, ssh@clinet.fi
 In-Reply-To: <199703281602.RAA28613@baht.labs.trema.com> from "Teemu Torma" at Mar 28, 97 05:02:48 pm
 X-Mailer: ELM [version 2.4 PL25]
 MIME-Version: 1.0
 Content-Type: text/plain; charset=US-ASCII
 Content-Transfer-Encoding: 7bit
 Sender: owner-ssh@clinet.fi
 Precedence: bulk
 
 
 	Never mind the laboriousness of setting it up, try the
 security for the truly paranoid. While using RSA for user
 authentication is definitely better than cleartext passwords, I still
 have to trust that the remote machine is not compromised or being used
 by off-white-hat types with access enough to snarf a user's private
 key once they set themselves up to SSH in. I can hand a user an SNK
 keycard and then I have a much greater assurance that it is actually
 them. For example, if a user is on the road and coming in from public
 access machines, I definitely do *not* want them setting up or using
 SSH with a private key of theirs on this untrusted machine to come
 in. I'd far rather be able to allow the encrypted connection of SSH
 from "on the road" places, but require my users to use a favorite
 flavour of "Captain Crunch Secret Decoder Ring" (OTP device). This
 ensures that as long as the user doesn't hand the device to someone
 else, compromising a session from the remote machine doesn't give the
 person the ability to come in again. (They can of course hijack the
 session while the user is on).
 
 	So my answer is, "Yes", I use OTP even though RSA auth is 
 available. 
 
 	-Bob
 
 > 
 >     From:  "Perry E. Metzger" <perry@piermont.com>
 >     Date:  Fri, 28 Mar 1997 10:25:02 -0500
 > 
 >     Do you really think people who have SSH will want to use OTP over RSA
 >     or similar authentication, given how easy RSA is to use and how
 >     comparatively laborious OTP is?
 > 
 > RSA authentication requires some installation work before it can be used,
 > whereas OTP can be used (at least almost) instantly.  If you are going to
 > log in only once or twice from some remote site, RSA is overall more
 > laborious than OTP. 
 > 
 > Teemu
 > 
 
 	

-- End of filtered message --

