Re: OTP (opie) and ssh

To: Carlos Carvalho <carlos@fisica.ufpr.br>
Cc: debian-security@lists.debian.org
Subject: Re: OTP (opie) and ssh
From: Tollef Fog Heen <tollef@add.no>
Date: 19 Sep 2000 14:53:46 +0200
Message-id: <[🔎] 87bsxk35lx.fsf@arabella.intern.opera.no>
In-reply-to: Carlos Carvalho's message of "Mon, 18 Sep 2000 20:13:53 -0300"
References: <[🔎] 20000919000436.D11947@marvin.ibk.palfrader.org> <[🔎] 14790.41394.908.221717@hoggar.fisica.ufpr.br>

* Carlos Carvalho 

| I don't see the point of using ssh with otp. They are different
| methods to achieve the same goal, and are redundant.

No they are not.  Unless you are using RSA/DSA authentication, your
password goes over the wire.  Encrypted, yes, but the server knows
your password.  And, if you for some reason are on a public terminal,
do _you_ trust the client?  I wouldn't.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.

Reply to:

Follow-Ups:
- Re: OTP (opie) and ssh
  - From: Carlos Carvalho <carlos@fisica.ufpr.br>

References:
- OTP (opie) and ssh
  - From: Peter Palfrader <ppalfrad@cosy.sbg.ac.at>
- Re: OTP (opie) and ssh
  - From: Carlos Carvalho <carlos@fisica.ufpr.br>

Prev by Date: Re: OTP (opie) and ssh
Next by Date: Re: OTP (opie) and ssh
Previous by thread: Re: OTP (opie) and ssh
Next by thread: Re: OTP (opie) and ssh
Index(es):
- Date
- Thread