[plug] security qn: auth from Windows clients to Linux server
Russell Steicke
r.steicke at bom.gov.au
Sun Jul 31 09:33:20 WST 2005
On Sat, Jul 30, 2005 at 11:56:27PM +0800, dsbrown at cyllene.uwa.edu.au wrote:
> Dear PLUG list members,
>
> A security question :-) I want to avoid collateral damage from
> inadvertently having keystroke loggers grab authentication details from a
> compromised Windows machine, when used to remotely administer Linux
> machines hosting sensitive data.
How about one-time passwords? You generate a list of random
passwords, carry them around printed on paper, and they can only be
used once each, in order. There seems to be a PAM module for that,
libpam-opie on Debian. I've used OTP on OpenBSD where the support is
pretty good. I haven't used OTP on Linux, but some mucking around
with PAM should make it work.

You'd need one list for each machine, since a keystroke logger would
still be able to grab passwords if you ssh from one remote machine to
another remote machine.
--
Russell Steicke
-- Fortune says:
A mouse is an elephant built by the Japanese.
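
Added example, not part of the original message: a simplified hash-chain one-time password list in the style of S/Key (the scheme OPIE is based on), showing why a keylogged entry cannot be replayed, why entries must be used in order, and why each machine needs its own list. It assumes SHA-256 and raw bytes instead of OPIE's real hashes and word encoding; all names, seeds and the passphrase are constructed for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_list(secret: bytes, host_seed: bytes, count: int) -> list:
    """Return [verifier, otp1, otp2, ...] for one host.

    Each entry hashes to the one before it, so the server only ever
    stores the last accepted value and never the secret itself.
    """
    value = h(host_seed + secret)
    chain = [value]
    for _ in range(count):
        value = h(value)
        chain.append(value)
    return chain[::-1]

class Server:
    """Server side: holds one verifier and moves it forward on success."""
    def __init__(self, verifier: bytes):
        self.verifier = verifier

    def login(self, otp: bytes) -> bool:
        if hmac.compare_digest(h(otp), self.verifier):
            self.verifier = otp   # this entry is now spent
            return True
        return False

def demo() -> dict:
    secret = b"constructed passphrase"            # constructed sample value
    list_a = make_list(secret, b"hostA-seed", 5)  # per-host seeds (assumed names)
    list_b = make_list(secret, b"hostB-seed", 5)
    host_a, host_b = Server(list_a[0]), Server(list_b[0])
    shared = Server(list_a[0])   # weak setup: second host enrolled with host A's list
    captured = list_a[1]         # what a keystroke logger would record
    return {
        "first_use": host_a.login(captured),
        "replay_same_host": host_a.login(captured),
        "replay_other_host": host_b.login(captured),
        "replay_shared_list": shared.login(captured),
        "next_in_order": host_a.login(list_a[2]),
        "skipped_ahead": host_a.login(list_a[4]),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
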