Re: Authentication w/o user ids and passwords.

From: Tom (thomascarmichael@attbi.com)
Date: 01/31/03


From: Tom <thomascarmichael@attbi.com>
Date: Fri, 31 Jan 2003 15:52:47 GMT


Lyal Collins wrote:

> "Tom" <thomascarmichael@attbi.com> wrote in message
> news:3E36E85D.F5C83EE8@attbi.com...
> > What about SSH and certificates? I can't give the specifics but you can
> > use ssh to make connections and open connections for the web so long as the
> > system has a valid certificate, then you're guaranteed authentication. A
> > passphrase for each user would be required initially and yes you can block
> > users as well. This can be sort of cumbersome if it's a commercial product
> > as the individual will require ssh installed on their systems but?
>
> How do you stop someone misusing the machine the cert is stored on?
> Anyone walking up to the machine (or installing a remote access backdoor)
> has the full rights associated with the cert - or kerberos or radius or
> S/Key etc.
> Sounds like the only option is to lock it in the cupboard - not the most
> flexible or user friendly option.
> Surely your needs go beyond simply employing guards and locked cupboards.
>
> Lyal

There are always tradeoffs, that's why I mentioned the passphrase; together they
are more secure than passwords alone or certificates. Not knowing much about
his environment, if it were for a company then it may be that certs on systems he
allows would work fine. What level of security does he need?
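
An added example, not part of Tom's or Lyal's messages: Lyal's objection applies in full to a key that sits unencrypted on disk, since whoever copies the file gets everything the key is trusted for, so the practical check is whether each private key file really carries a passphrase. The Python below (my code, with my own function names) reads only the headers: in OpenSSH's own key format the ciphername and kdfname strings that follow the "openssh-key-v1" magic are both "none" for an unprotected key, and in the legacy PEM format an encrypted key announces itself with a "Proc-Type: 4,ENCRYPTED" header. The key files it runs on are constructed inside the block and are not real keys.

```python
import base64
import struct

# Magic that opens every "openssh-key-v1" private key blob (ssh-keygen's default format).
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes) at offset off."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    return buf[off:off + n], off + n


def key_protection(pem_text):
    """Classify a private key file's text as 'encrypted', 'plaintext' or 'unknown'.

    Only the headers are inspected; no key material is decrypted or parsed.
    """
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if (len(lines) < 2 or not lines[0].startswith("-----BEGIN ")
            or not lines[-1].startswith("-----END ")):
        return "unknown"
    body = lines[1:-1]

    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # New format: ciphername and kdfname right after the magic are both
        # "none" when the key is stored without a passphrase.
        try:
            blob = base64.b64decode("".join(body), validate=True)
        except ValueError:
            return "unknown"
        if not blob.startswith(OPENSSH_MAGIC):
            return "unknown"
        off = len(OPENSSH_MAGIC)
        try:
            cipher, off = _read_string(blob, off)
            kdf, off = _read_string(blob, off)
        except struct.error:
            return "unknown"
        return "plaintext" if cipher == b"none" and kdf == b"none" else "encrypted"

    # Legacy PEM format (ssh-keygen -m PEM): encryption is signalled by the
    # RFC 1421 "Proc-Type: 4,ENCRYPTED" header placed before the base64 body.
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body):
        return "encrypted"
    return "plaintext"


def audit_keys(keys):
    """Return, sorted, the names of keys usable with no passphrase at all."""
    return sorted(name for name, text in keys.items()
                  if key_protection(text) == "plaintext")


# ---- Constructed sample key files (headers only; not real keys) ----

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _constructed_openssh_key(cipher, kdf):
    """Build a file carrying just the header fields this check reads."""
    blob = (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(b"") + struct.pack(">I", 1))  # kdfoptions, nkeys
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + wrapped
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


PLAINTEXT_KEY = _constructed_openssh_key(b"none", b"none")
ENCRYPTED_KEY = _constructed_openssh_key(b"aes256-ctr", b"bcrypt")

# Legacy PEM samples; the base64 bodies are filler, only the headers matter.
LEGACY_ENCRYPTED_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

QUFBQQ==
-----END RSA PRIVATE KEY-----
"""
LEGACY_PLAINTEXT_KEY = """-----BEGIN RSA PRIVATE KEY-----
QUFBQQ==
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    samples = {"id_ed25519": PLAINTEXT_KEY, "id_rsa": ENCRYPTED_KEY,
               "old.pem": LEGACY_PLAINTEXT_KEY, "old_enc.pem": LEGACY_ENCRYPTED_KEY}
    for name, text in samples.items():
        print(name, key_protection(text))
    print("unprotected:", audit_keys(samples))
```

In a real audit you would feed this the contents of every file under ~/.ssh on the machines in question; a key that comes back "plaintext" is exactly the case Lyal describes, where possession of the file equals possession of the account.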
