Hi all,
This isn't directly SSH related - except for the fact that I can't see
anyway of throwing back a different login prompt to different SSH
clients, but it may be something someone here has come accross before,
and I've been running searches for days without any response so here goes...
Is it safe to put a secondary authorisation system (IE cryptocard or
S/KEY challenge) into a script which is executed after login via ssh?
I'm concerned about my users not choosing safe passwords (not matter how
often I tell them to, or force changes, use cracklib etc.), and because
it is an SSH based system with users connecting from various platforms
it's not possible to instigate one as part of the initial login
procedure.
What I propose is that the user connect using their client of choice
(Primarily Macintosh based, may be Windows, may be Linux/***BSD or
several others...) and then is prompted by a script which runs the
secondary authorisation with the one-time challenge.
Obviously I'd need to stop people from changing the default shell somehow.
Has anyone done this, or anything similair? Or can they point me anywhere?
Or am I being incredibly paranoid?
Thanks in advance for your suggestions.
d.
--
Techie wanted, apply within : http://www.kleber.net/job.html
Dorian Moore is property of Kleber Design Ltd. If found please contact Kleber
by phone on +44 207 581 1362 or visit http://www.kleber.net for further details.
You really shouldn't listen to anything he says... as it may just be an opinion
