T783
Change Details
When I was thinking about authentication methods for Eglide, I came up with a plan to discourage both password bruteforce attacks and password confusion among users.

The current SSH configuration allows three methods of login:

- public key
- OTP
- YubiKey, as an easy-to-use OTP, and not as a two-factor auth

We disable challenge/response methods on port 22, so only public key is allowed. We then start an SSH server on a new port, to allow OTP and YubiKey auth.

That will discourage bruteforce attacks, and newcomers won't be puzzled by our SSH prompt when their key doesn't work:

```
[ No SSH key detected. Switching to OTP mode. Regular passwords are unsupported. ]
otp-md5 222 ys8606 ext
Password:
```
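A sketch of the two-instance split described above, as an added example that is not part of the original task and not Eglide's actual configuration. The second port number, the file names and the use of PAM for OTP and YubiKey checks are assumptions.

```conf
# --- /etc/ssh/sshd_config: instance on port 22, public key only ---
Port 22
PubkeyAuthentication yes
# Regular passwords are unsupported on both instances.
PasswordAuthentication no
# Challenge/response off, so no OTP or password prompt is ever offered here.
# Older OpenSSH releases name this option ChallengeResponseAuthentication.
KbdInteractiveAuthentication no
AuthenticationMethods publickey

# --- /etc/ssh/sshd_config_otp: second instance (hypothetical file name) ---
# Started separately with: sshd -f /etc/ssh/sshd_config_otp
# Placeholder port; the task does not name the new port.
Port 2222
# Hypothetical path; it must differ from the first instance's PID file.
PidFile /var/run/sshd_otp.pid
# Assumption: this instance serves OTP and YubiKey logins only.
PubkeyAuthentication no
PasswordAuthentication no
KbdInteractiveAuthentication yes
# Assumption: OTP and YubiKey responses are verified by PAM modules.
UsePAM yes
AuthenticationMethods keyboard-interactive
```

Running `sshd -t -f <file>` against each file validates its syntax before either instance is restarted.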