Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 1393] patch modifies gnome-ssh-askpass to optionally use one-time password
bugzilla-daemon at bugzilla
Jan 19, 2008, 2:43 PM
Post #1 of 2 (398 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=1393


Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org




--- Comment #5 from Damien Miller <djm@mindrot.org> 2008-01-20 09:42:58 ---
What is the treat model that this is intended to defend against. It
looks like it is supposed to stop someone who has gained access to my
agent socket and can also answer the askpass confirm dialog. Is this
correct?

BTW all the links at http://www.swcp.com/~pgsery return "forbidden"
errors.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1393] patch modifies gnome-ssh-askpass to optionally use one-time password [ In reply to ]
bugzilla-daemon at bugzilla
Jan 21, 2008, 2:26 PM
Post #2 of 2 (389 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=1393


Paul Sery <pgsery@swcp.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |pgsery@swcp.com




--- Comment #6 from Paul Sery <pgsery@swcp.com> 2008-01-22 09:26:45 ---
(In reply to comment #5)
> What is the treat model that this is intended to defend against. It
> looks like it is supposed to stop someone who has gained access to my
> agent socket and can also answer the askpass confirm dialog. Is this
> correct?

Yes. It's also designed to protect against a lost or stolen private key
by creating a second authentication factor isolated from the ssh
client. You first authenticate to the server using your key. The server
then e-mails you a random password via an out-of-band channel. You're
fully authenticated if you can correctly answer the challenge.

> BTW all the links at http://www.swcp.com/~pgsery return "forbidden"
> errors.

Fixed.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal