Re: Firewall with one-time passwords?

From: Nico Kadel-Garcia (
Date: 01/12/03

From: "Nico Kadel-Garcia" <>
Date: Sun, 12 Jan 2003 03:23:14 GMT

"Pierre Asselin" <> wrote in message
> In <avom42$20t6$> Ram Samudrala
<> writes:
> >[ ... a firewall that passes only ssh and ... ]
> >2. Each user who wishes to ssh to the entry point machine must first
> > authenticate themselves with a one-time password, with the
> > firewall. All the authentication does is to tell the firewall allow
> > (within the period of one minute) an ssh connection to be initiated
> > between the user's machine and the single entry point. This
> > authentication is permitted only for connections initiating from a
> > trusted host/domain (as determined by a fixed list).
> This is probably *less* secure than letting ssh through in the first
> place. Your one-time password has to be machine-generated, so you need
> to distribute a shared secret to all your clients, each one a potential
> leak. Is the authentication and authorization code absolutely
> Bugs could be exploited to 0wn your firewall.

??? The S/key or other one-time password is handled *in addition to* SSH
encryption, not in place of. And then you have to do a normal SSH login.
Even if this one-time password business is vulnerable, a full breakin
through normal SSH is still required.

> >3. The user then initiates a ssh connection to the machine in question
> > and logs in with their regular password. Again, the firewall only
> > permits this if the connection is initiated from a trusted
> > host/domain.
> The restriction on incoming IP's is a good idea, because it reduces your
> exposure when a new ssh weakness is discovered and gives you time to
> patch the end machines. Do you trust the reverse DNS or do you maintain
> a list of allowed IP ranges?

??? What reverse DNS? I would assume that it is IP based.

> It's probably safer to disallow passwords and force public-key
> authentication. You'll have to install the public keys yourself, or
> give your users a mechanism to do so. Also, laptop owners would have
> to protect their private keys with strong passphrases. A stolen laptop
> with an unencrypted private key is a free ticket.

Keys get stolen by people who are careless with their systems, just as you
describe. His proposed system allows him to track at connection time who is
coming in, and forces them to have another set of passwords.