Created attachment 1452 [details] Adds an out-of-band challenge (obc) device to kbdint The out-of-band challenge (OBC) patch creates a kbdint device that provides a server-based authentication mechanism. The server generates and emails you a random string when you attempt to login. You're authenticated if you can correctly answer the challenge. You can use a regular email account, a pager, cell phone or other email capable device to receive the challenge. However, by using a physical device you create a one-time authentication secret completely separate from your workstation. OBC can be used in conjunction with the "Multiauth" patch (https://bugzilla.mindrot.org/show_bug.cgi?id=1435), which allows you to require two or more authentications for a successful login. Combining OBC with Multiauth creates two physically separate authentication factors equivalent to a commercial two-factor token. For instance, requiring public key and OBC authentications creates physically separate factors. See README.obc for configuration and installation information
We don't want to add more kbdint methods - it is better to use a cross-platform authentication API like PAM or BSD auth.
Mass update RESOLVED->CLOSED after release of openssh-5.1