Because I'm paranoid, I use one-time passwords for logging in when I don't have my private key (translated: my laptop) with me. For some reason, people look at me strangely when I log in with a one-time password because they think it's difficult to set up or something.
On FreeBSD, at least, it's amazingly easy to set up:
    [522] (philip@carrot)~% opiepasswd -c
    Adding philip:
    Only use this method from the console; NEVER from remote. If you are using
    telnet, xterm, or a dial-in, type ^C now or exit with no password.
    Then run opiepasswd without the -c parameter.
    Using MD5 to compute responses.
    Enter new secret pass phrase:
    Again new secret pass phrase:

    ID philip OTP key is 499 ca0476
    HAW JUDY DUTY GUN SONG MINK
Linux distributions will probably want to make it a bit more difficult, but I can't imagine them making it much more difficult. You'll probably just have to jump through hoops to install OPIE or S/Key or something similar.
Next time you need to log in without having your private key nearby, the password prompt will ask you for a one-time password:

    otp-md5 498 ca0476 ext
    Password:
Note the 498 above. opiepasswd only told us 499, so you'll need to use opiekey to calculate the response to 498. Not too difficult:
    [756] (philip@vimes)~% opiekey 498 ca0476
    Using the MD5 algorithm to compute response.
    Reminder: Don't use opiekey from telnet or dial-in sessions.
    Enter secret pass phrase:
    AGO SINK ROLL ROWE ENDS WORE
I like to print out a list of twenty or so one-time passwords and carry them around with me. Easy!
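The arithmetic behind the 499/498 exchange above, as an added example that is not part of the original post or OPIE's own code: a Python sketch of the RFC 2289 MD5 hash chain, showing why the server asks for 498 after opiepasswd reported 499 and how a printed list is derived. The pass phrase is constructed, the ServerEntry class and function names are hypothetical, and responses are shown in hex rather than six-word form.

```python
import hashlib

def fold_md5(data: bytes) -> bytes:
    """One chain step: MD5, then XOR the digest halves down to 64 bits."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """Response for sequence number `count`, following RFC 2289."""
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(count):
        value = fold_md5(value)
    return value

class ServerEntry:
    """Hypothetical server record: seed, counter, last accepted response.
    The pass phrase itself is never stored."""
    def __init__(self, seed: str, count: int, last: bytes):
        self.seed, self.count, self.last = seed, count, last

    def challenge(self) -> str:
        return f"otp-md5 {self.count - 1} {self.seed} ext"

    def verify(self, response: bytes) -> bool:
        # Hashing the response once must give the stored value.
        if fold_md5(response) != self.last:
            return False
        # Accepting it moves the chain down, so a replay no longer matches.
        self.last, self.count = response, self.count - 1
        return True

def sheet(passphrase: str, seed: str, next_count: int, n: int = 20):
    """(sequence, hex response) pairs for a printed list, next login first."""
    return [(c, otp_md5(passphrase, seed, c).hex().upper())
            for c in range(next_count, max(next_count - n, -1), -1)]

PHRASE = "constructed example phrase"   # constructed, not a real secret
SEED = "ca0476"                          # seed shown in the session above

if __name__ == "__main__":
    entry = ServerEntry(SEED, 499, otp_md5(PHRASE, SEED, 499))
    print(entry.challenge())
    answer = otp_md5(PHRASE, SEED, 498)
    print("accepted:", entry.verify(answer))
    print("replay accepted:", entry.verify(answer))
    for seq, hexotp in sheet(PHRASE, SEED, entry.count - 1, 3):
        print(seq, hexotp)
```

Each response hashes forward to the previously stored value but not backward, so a response observed on the wire does not yield the next one.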
Copyright © 2005–2010 Philip Paeps
All rights reserved.