[Systems] [Fwd: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30]

Bernie Innocenti bernie at sugarlabs.org
Thu Oct 13 16:33:25 EDT 2011


On Thu, 2011-10-13 at 10:13 -0400, Henry Edward Hardy wrote:
> If we are worried about the security of ssh keys we might consider
> adding a second authentication factor such as a one time password
> system like OPIE or S/KEY.
> 
> http://delta-xi.net/index.php?/archives/16-OTPs-Using-sKey-with-SSH-via-OPIE.html

Some form of TOP would make sense for us sysadmins.

Not for users and developers, though: I've had lots of trouble making
them generate PGP keys, let alone 2-factor authentication.

Develer is using pam_oath [1] for sudo, but I don't know with what
hardware. Google uses Yubikeys [1] to authenticate people in the
corporate network, but I don't know what's on the server side.

[1] http://www.nongnu.org/oath-toolkit/
[2] http://yubico.com/yubikey

-- 
Bernie Innocenti
Sugar Labs Infrastructure Team
http://wiki.sugarlabs.org/go/Infrastructure_Team



More information about the Systems mailing list