> Doing it any other way is totally stupid. Or you don't need security
> and won't have it.
>
> And anyone else here who suggested that you could use OTP to solve
> this is totally clueless.
Obviously, I am missing something fundamental.
If I use an OTP to log into a remote system via an untrusted host,
and I don't type any further passwords in, what exposure am I
presenting?
An example - I skey into a system, issue a 'sudo blahdeeblah blah'
(with no password), and exit. Even if every single packet is
being sniffed, how does that expose me? The sniffed skey sequence
is useless now, the sudo procedure didn't expose a password, what am
I missing?
That's all I'm asking about. Honest question. I'll slink back
under my rock soon, I promise. :)
Benny
--
"Now, that next spring you find in your garage a creature that
looks like a cross-bred badger and anaconda. A badgerconda."
-- bash.org
