amuck-landowner

Captcha for your ssh login

Shados

Professional Snake Miner
The idea here is not to only rely on this technique to secure your servers but to use it when you don't available ssh key login. Or it's the case that everybody goes with their main laptop to everywhere?, I don't. And when I go with nothing but myself I still would like to login to my servers and captcha is only one more layer there to make it a little bit more secure.
That's what one-time password authentication is for. Not this.
 

willie

Active Member
As Shados says, doing any secure operation from a computer you don't control, particularly typing re-usable passwords, is a BAD idea.  You have to assume that the computer is malicious or at least compromised.  Where I worked it was expected that the ops guys always carried tablets (ipad mini) and they were able to use those to login and poke things if they had to, from wherever they were, if they got a phone alert.  Anyway, if you must use someone else's computer, using a one-time password is far preferable to a re-usable one.
 
Top
amuck-landowner