From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 04F6F1381F3 for ; Fri, 18 Oct 2013 14:06:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 504C1E0B9C; Fri, 18 Oct 2013 14:05:56 +0000 (UTC) Received: from homiemail-a56.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by pigeon.gentoo.org (Postfix) with ESMTP id 3A27FE0B37 for ; Fri, 18 Oct 2013 14:05:55 +0000 (UTC) Received: from homiemail-a56.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a56.g.dreamhost.com (Postfix) with ESMTP id C9F5AFE06E for ; Fri, 18 Oct 2013 07:05:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=libertytrek.org; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; s= libertytrek.org; bh=zvKbQ3GoF7WzGQ69k9yN2GMSoq8=; b=gNKw0HFrE+oQ CS57qzlm0P+lZir+TzAXIMOk6RyagKnDFyXPteUJC+KEEAqhuSf4fI9Rdf9Doe7R qPPl6Qmejf1k/U5E0hqc4pG2hZHXmbhBmX6VJTUL8pfA4bT3EsLGKpD1NhHkA52e NVLcqBaplvQLpH/dlKFUjw3ffuiM//0= Received: from [127.0.0.1] (unknown [159.63.145.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: tanstaafl@libertytrek.org) by homiemail-a56.g.dreamhost.com (Postfix) with ESMTPSA id 9F7B5FE06D for ; Fri, 18 Oct 2013 07:05:55 -0700 (PDT) Message-ID: <52614028.7090607@libertytrek.org> Date: Fri, 18 Oct 2013 10:05:28 -0400 From: Tanstaafl User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.0.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: scripted iptables-restore References: <525AAADE.7040700@orlitzky.com> <525ACC38.8060008@orlitzky.com> <525C36BC.1060602@libertytrek.org> <525C57D6.7020408@gmail.com> <20131016232151.GA25241@waltdnes.org> <525F8AC3.2050504@gmail.com> <20131018023014.GA29789@waltdnes.org> <52610C22.1080106@libertytrek.org> <52611955.1000407@gmail.com> In-Reply-To: <52611955.1000407@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: a9325f4f-1db6-4351-8749-3063fccac13f X-Archives-Hash: c09405c1cf8708a2c541d581055c6ef8 On 2013-10-18 7:19 AM, Alan McKinnon wrote: > On 18/10/2013 12:23, Tanstaafl wrote: >> On 2013-10-17 10:30 PM, Walter Dnes wrote: >>> I apologize. That is arguably a two factor system. When you said >>> "ssh key and password", I "jumped to delusions", assuming that it was a >>> standard ssh connection with the option of either key or password. >> >> Side question... >> >> So, wouldn't the simplest two-factor authentication be an SSH key that >> required a password? > No, there is no way to verify that a user has enabled a passphrase on an > ssh key. No... I mean... If I create an SSH key that requires a password (ie, not a 'blank' password), then when I use this ssh key to connect to the system it was created for, and it asks for the password... This is, as far as I can see, a poor man's 'two-factor' authentication, is it not?