On Sun, 21 Dec 2003 22:08, Tim Churches wrote: > The main problem with simple username/password pairs, HTTPS > nothwithstanding, is the need for the client to prove his or her > identity to **each** server **every** time the user's password is > negotiated or re-negotiated. Such proof needs to be conducted
There is a solution to even this - "ssh-agent" (see OpenSSH documentation or do a "man ssh-agent" if you are using a Linux/BSD/MacOSX system). I use it for accessing my surgery server from the hospital via remote X sessions. In theory, each application I start remotely needs authentication. In practice, ssh-agent does this for me. Currently, it times out after 10 minutes or whenever the "screen saver" kicks in. But it is trivial to configure it so that it works as long as a USB memory stick is plugged in, and you can tie the stick to your belt etc. Horst -- "On two occasions I have been asked [by members of Parliament!], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." -- Charles Babbage
