On Mon, Aug 20, 2007 at 09:57:38AM +0400, Stanislav Maslovski wrote:
> On Sun, Aug 19, 2007 at 10:51:51AM -0700, Russ Allbery wrote:
> > Stanislav Maslovski <[EMAIL PROTECTED]> writes:
> >
> > > What do you say, can MD5-based OPIE system be still considered secure?
On Sun, Aug 19, 2007 at 10:51:51AM -0700, Russ Allbery wrote:
> Stanislav Maslovski <[EMAIL PROTECTED]> writes:
>
> > What do you say, can MD5-based OPIE system be still considered secure?
> > In the repository there are opie-server and opie-client.
>
> > Do I u
Stanislav Maslovski <[EMAIL PROTECTED]> writes:
> What do you say, can MD5-based OPIE system be still considered secure?
> In the repository there are opie-server and opie-client.
> Do I understand right that the strength of this system is the strength of
> one step of
Hello,
What do you say, can MD5-based OPIE system be still considered secure?
In the repository there are opie-server and opie-client.
Do I understand right that the strength of this system is the strength of
one step of MD5? Are there any alternatives where a different hashing
function can be
t; > workaround to provide similar functionality?
>
> I think you have to turn off PrivSep to make this work.
>
> M
I have succesfully configued sshd to allow opie logons, without
disabling PrivSep, by configuring pam to use the libpam-opie
module for ssh.
In this case the use
Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM -0400:
> I tried to set this up again recently on another machine, and found that
> privelege separation breaks this functionality. Does anyone know of a
> workaround to provide similar functionality?
I think you have to turn off PrivSep to
.
Long answer: libpam-opie works fine today if you set
"privilegeseperation no" and "pamauthenticationviakbdint yes" in your
sshd_config file. The downside to doing that is that you increase your
exposure in the event of certain ssh exploits. There are patches to ssh
that allow
A long time ago, I had Openssh (circa 2.5-ish) set up to work with opie so
that if a user attempted to log in without keys, instead of a pasword
prompt, it would give an opie/skey login prompt.
I tried to set this up again recently on another machine, and found that
privelege separation breaks
On Fri, Aug 08, 2003 at 04:21:50PM +1000, Geoff Crompton wrote:
> I have succesfully configued sshd to allow opie logons, without
> disabling PrivSep, by configuring pam to use the libpam-opie
> module for ssh.
> In this case the user gets the normal password prompt though, a
Which opens up a whole 'nother can of security worms...Is anyone
maintaining opie or s/key? Or for that matter, can something like this
even be worked around?
On Thu, 7 Aug 2003 22:55:16 -0700
Mark Ferlatte <[EMAIL PROTECTED]> wrote:
> Bradley Alexander said on Fri, Aug 08, 2003
On Fri, Aug 08, 2003 at 11:58:45AM -0500, Greg Norris wrote:
> On Fri, Aug 08, 2003 at 04:21:50PM +1000, Geoff Crompton wrote:
> > I have succesfully configued sshd to allow opie logons, without
> > disabling PrivSep, by configuring pam to use the libpam-opie
> > module f
On Fri, Aug 08, 2003 at 11:58:45AM -0500, Greg Norris wrote:
> On Fri, Aug 08, 2003 at 04:21:50PM +1000, Geoff Crompton wrote:
> > I have succesfully configued sshd to allow opie logons, without
> > disabling PrivSep, by configuring pam to use the libpam-opie
> > module f
On Fri, Aug 08, 2003 at 04:21:50PM +1000, Geoff Crompton wrote:
> I have succesfully configued sshd to allow opie logons, without
> disabling PrivSep, by configuring pam to use the libpam-opie
> module for ssh.
> In this case the user gets the normal password prompt though, a
ssh.
Long answer: libpam-opie works fine today if you set
"privilegeseperation no" and "pamauthenticationviakbdint yes" in your
sshd_config file. The downside to doing that is that you increase your
exposure in the event of certain ssh exploits. There are patches to ssh
that
t; > workaround to provide similar functionality?
>
> I think you have to turn off PrivSep to make this work.
>
> M
I have succesfully configued sshd to allow opie logons, without
disabling PrivSep, by configuring pam to use the libpam-opie
module for ssh.
In this case the use
Which opens up a whole 'nother can of security worms...Is anyone
maintaining opie or s/key? Or for that matter, can something like this
even be worked around?
On Thu, 7 Aug 2003 22:55:16 -0700
Mark Ferlatte <[EMAIL PROTECTED]> wrote:
> Bradley Alexander said on Fri, Aug 08, 2003
Bradley Alexander said on Fri, Aug 08, 2003 at 01:36:06AM -0400:
> I tried to set this up again recently on another machine, and found that
> privelege separation breaks this functionality. Does anyone know of a
> workaround to provide similar functionality?
I think you have to turn off PrivSep to
A long time ago, I had Openssh (circa 2.5-ish) set up to work with opie so
that if a user attempted to log in without keys, instead of a pasword
prompt, it would give an opie/skey login prompt.
I tried to set this up again recently on another machine, and found that
privelege separation breaks
* Quoting Cyrus Dantes ([EMAIL PROTECTED]):
> I've already installed opie-client and opie-server and already used
> opiepasswd to generate my OTP keys
> and such. I have verified my login is in /etc/opiekeys and other such needed
> items. Now i was wondering
> how i co
* Quoting Cyrus Dantes ([EMAIL PROTECTED]):
> I've already installed opie-client and opie-server and already used opiepasswd to
> generate my OTP keys
> and such. I have verified my login is in /etc/opiekeys and other such needed items.
> Now i was wondering
> how i co
I've already installed opie-client and opie-server and already used opiepasswd
to generate my OTP keys
and such. I have verified my login is in /etc/opiekeys and other such needed
items. Now i was wondering
how i could make OpenSSH 3.5 accept my OTP passwords. Any ideas on how to make
I've already installed opie-client and opie-server and already used opiepasswd to
generate my OTP keys
and such. I have verified my login is in /etc/opiekeys and other such needed items.
Now i was wondering
how i could make OpenSSH 3.5 accept my OTP passwords. Any ideas on how to make
Hi,
I'm trying to get opie-server|libpam-opie to use sha1 instead of md5,
but I haven't figured out how to do this on the server end. For the
client end, the -s option seems to be what to use w/ opiekey (though
this doesn't appear to be in the man pages...).
Has anyone figured
On Sun, May 19, 2002 at 11:46:10PM -0400, Bradley Alexander wrote:
> Hey all,
>
> I'm trying to get pam-opie working with openssh, but I guess I'm not
> getting the hang of it. I think I have all of the packages installed:
>
> [EMAIL PROTECTED] storm]$ dpkg -l |
Hey all,
I'm trying to get pam-opie working with openssh, but I guess I'm not
getting the hang of it. I think I have all of the packages installed:
[EMAIL PROTECTED] storm]$ dpkg -l | grep opie
ii libpam-opie0.21-7 Use OTP's for PAM authentication
ii opie-cli
On Sun, May 19, 2002 at 11:46:10PM -0400, Bradley Alexander wrote:
> Hey all,
>
> I'm trying to get pam-opie working with openssh, but I guess I'm not
> getting the hang of it. I think I have all of the packages installed:
>
> [storm@defiant storm]$ dpkg -l |
Hey all,
I'm trying to get pam-opie working with openssh, but I guess I'm not
getting the hang of it. I think I have all of the packages installed:
[storm@defiant storm]$ dpkg -l | grep opie
ii libpam-opie0.21-7 Use OTP's for PAM authentication
ii opie-cli
Hi Carlos, Hi List!
On Tue, 19 Sep 2000, Carlos Carvalho wrote:
> Lots of people are replying about the advantages/disadvantages of
> using ssh **OR** otp. I fully agree; in fact I installed both here.
>
> What I said is that it's nonsense to use ssh **AND** otp at the same
> time, for the same
Lots of people are replying about the advantages/disadvantages of
using ssh **OR** otp. I fully agree; in fact I installed both here.
What I said is that it's nonsense to use ssh **AND** otp at the same
time, for the same login. If I understood correctly, Peter's setup of
ssh-pam would use otp for
Hi Carlos, Hi List!
On Tue, 19 Sep 2000, Carlos Carvalho wrote:
> Lots of people are replying about the advantages/disadvantages of
> using ssh **OR** otp. I fully agree; in fact I installed both here.
>
> What I said is that it's nonsense to use ssh **AND** otp at the same
> time, for the same
Lots of people are replying about the advantages/disadvantages of
using ssh **OR** otp. I fully agree; in fact I installed both here.
What I said is that it's nonsense to use ssh **AND** otp at the same
time, for the same login. If I understood correctly, Peter's setup of
ssh-pam would use otp fo
* Carlos Carvalho
| I don't see the point of using ssh with otp. They are different
| methods to achieve the same goal, and are redundant.
No they are not. Unless you are using RSA/DSA authentication, your
password goes over the wire. Encrypted, yes, but the server knows
your password. And, i
* Carlos Carvalho
| I don't see the point of using ssh with otp. They are different
| methods to achieve the same goal, and are redundant.
No they are not. Unless you are using RSA/DSA authentication, your
password goes over the wire. Encrypted, yes, but the server knows
your password. And,
On Mon, Sep 18, 2000 at 09:18:05PM -0300, Henrique M Holschuh wrote:
> Yeah, those do solve the worst problem with OPIE. There's nothing wrong with
> OTPs when properly designed (i.e.: no sheets of paper ;-) ), but since the
> original poster was talking about OPIE...
Using OPIE do
also.
Yeah, those do solve the worst problem with OPIE. There's nothing wrong with
OTPs when properly designed (i.e.: no sheets of paper ;-) ), but since the
original poster was talking about OPIE...
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and
he intruder knows the password.
> >
> > the more security the better, as far as i am concerned.
>
> Yes. One should use OPIE when he knows the connection is being eavesdropped
> at his end and accepts the fact that carrying around a printed sheet of
> paper with a few OTP-generat
ws the password.
>
> the more security the better, as far as i am concerned.
Yes. One should use OPIE when he knows the connection is being eavesdropped
at his end and accepts the fact that carrying around a printed sheet of
paper with a few OTP-generated passwords is safer (or you could program you
security the better, as far as i am concerned.
-thorsten sideb0ard
network/systems engineer
On Mon, 18 Sep 2000, Carlos Carvalho wrote:
> Peter Palfrader ([EMAIL PROTECTED]) wrote on 19 September 2000 00:04:
> >I just set up libpam-opie and it works quite well from the console as
> >w
Peter Palfrader ([EMAIL PROTECTED]) wrote on 19 September 2000 00:04:
>I just set up libpam-opie and it works quite well from the console as
>well as with ssh. Unfortunatly it does not show wich OTPasswd it expects
>with ssh login but this is another story.
I don't see the poin
On Mon, Sep 18, 2000 at 09:18:05PM -0300, Henrique M Holschuh wrote:
> Yeah, those do solve the worst problem with OPIE. There's nothing wrong with
> OTPs when properly designed (i.e.: no sheets of paper ;-) ), but since the
> original poster was talking about OPIE...
Using OPIE do
also.
Yeah, those do solve the worst problem with OPIE. There's nothing wrong with
OTPs when properly designed (i.e.: no sheets of paper ;-) ), but since the
original poster was talking about OPIE...
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and
Hi,
I just set up libpam-opie and it works quite well from the console as
well as with ssh. Unfortunatly it does not show wich OTPasswd it expects
with ssh login but this is another story.
In order to get it working I had to change /etc/pam.d/ssh from:
| auth required pam_nologin.so
he intruder knows the password.
> >
> > the more security the better, as far as i am concerned.
>
> Yes. One should use OPIE when he knows the connection is being eavesdropped
> at his end and accepts the fact that carrying around a printed sheet of
> paper with a few OTP-generat
ws the password.
>
> the more security the better, as far as i am concerned.
Yes. One should use OPIE when he knows the connection is being eavesdropped
at his end and accepts the fact that carrying around a printed sheet of
paper with a few OTP-generated passwords is safer (or you could program you
security the better, as far as i am concerned.
-thorsten sideb0ard
network/systems engineer
On Mon, 18 Sep 2000, Carlos Carvalho wrote:
> Peter Palfrader ([EMAIL PROTECTED]) wrote on 19 September 2000 00:04:
> >I just set up libpam-opie and it works quite well from the console as
> &
Peter Palfrader ([EMAIL PROTECTED]) wrote on 19 September 2000 00:04:
>I just set up libpam-opie and it works quite well from the console as
>well as with ssh. Unfortunatly it does not show wich OTPasswd it expects
>with ssh login but this is another story.
I don't see the poin
Hi,
I just set up libpam-opie and it works quite well from the console as
well as with ssh. Unfortunatly it does not show wich OTPasswd it expects
with ssh login but this is another story.
In order to get it working I had to change /etc/pam.d/ssh from:
| auth required pam_nologin.so
47 matches
Mail list logo
