One-Time Passwords on Debian Linux for SSH and VNC

2013-11-15 by Karol Szafrański, tagged as linux, otp, personalsec

Let's imagine your employer openly deploys spyware on employees' computers as part of their DLP policy. Upon signing your contract you're warned that there is a program somewhere in there that "monitors all user activity and could prevent some of it" and instructed that any attempt to kill, remove or tamper with the tool would be rewarded with dismissal. They would log all visited websites, take screenshots at any time, and record all keystrokes. So every time you access your personal machine from work, you put your precious, lengthy, complex password (you have one like that, right?) at risk of being recorded and stored in plaintext in some audit database for unspecified people to see.

Or maybe you are pretty comfortable with the security of the OS you're using but need to keep away a coworker/roommate/competitor spy looking over your shoulder, either directly or by some sophisticated means?

I came across a similar issue some time ago. And people around carrying RSA SecurID tokens made me wonder. So, let's render a captured SSH password useless.

