From owner-ssh@clinet.fi  Sat Apr 19 12:35:23 1997
To: ssh@clinet.fi
Date: Fri, 18 Apr 1997 15:58:04 GMT
From: nmills@dnsppp.net (Niles Mills)
Message-ID: <5j85mc$l80fi_002@news.dnsppp.net>
Organization: DNS-PPP Services
Content-Type: text/plain; charset=US-ASCII
References: <c1kg1xacq91.fsf@melange.gnu.ai.mit.edu>, <199704122209.RAA01569@spike.porcupine.org>
Reply-To: nmills@dnsppp.net
Subject: Re: Why Bother With One-Time Passwords?
Sender: owner-ssh@clinet.fi
Precedence: bulk

In article <199704122209.RAA01569@spike.porcupine.org>, 
 wietse@wzv.win.tue.nl (Wietse Venema) wrote:
> 
> My threat - once the client RSA secret key is disclosed, the server
> can be compromised. I want to raise the bar a little higher than
> that - thus the desire to use one-time passwords, generated without
> keeping a secret on the client host.
>
>         Wietse

Maybe (read: as usual) I'm missing the point, but would incorporating 
a call to S/Key in the sshd login phase solve the problem?

S/Key's login (./skey-2.2/login/login.c) is just an extension of the 
BSD 4.3 login (./util-linux/login-utils/login.c) and it seems that a 
savvy programmer could extend sshd.c to coordinate with S/Key when 
the connection to sshd is from a tty.

I'd really like that.  I was sorry to give up the S/Key functionality 
when switching over to SSH. 

And if I'm way off base, my apologies.  :)

Niles Mills
--
nmills@dnsppp.net
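
Added example, not part of the original message and not taken from the S/Key or SSH sources: a sketch of the hash-chain check that a one-time-password step in a login phase performs, showing that the server keeps only the last accepted password and that a captured password cannot be replayed. SHA-256 truncated to 64 bits stands in for S/Key's own hash, so this is not wire-compatible with S/Key; the names step, otp and Account are hypothetical.

```python
import hashlib
import hmac


def step(value: bytes) -> bytes:
    """One link of the chain: hash and truncate to 64 bits (SHA-256 stand-in)."""
    return hashlib.sha256(value).digest()[:8]


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Password number `count`: the hash applied `count` more times to the
    hashed seed+passphrase. Computed by the user away from the client host
    (calculator device or pre-printed list), so no secret rests on that host."""
    value = step((seed + passphrase).encode())
    for _ in range(count):
        value = step(value)
    return value


class Account:
    """Server-side record: seed, sequence number and the last accepted OTP.
    The passphrase itself is never stored on the server."""

    def __init__(self, seed: str, count: int, last: bytes):
        self.seed, self.count, self.last = seed, count, last

    def challenge(self):
        # Ask for the password one step earlier in the chain than the stored one.
        return self.count - 1, self.seed

    def verify(self, candidate: bytes) -> bool:
        if self.count <= 0:
            return False  # chain used up; the account must be re-initialised
        # Hashing the candidate once must reproduce the stored value.
        if not hmac.compare_digest(step(candidate), self.last):
            return False
        # Accept and move down the chain: the same password never works again,
        # and the stored value does not reveal the next one to be requested.
        self.last, self.count = candidate, self.count - 1
        return True
```

A login phase would send challenge() to the user and call verify() on the reply before granting a session.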
