Hacker News new | past | comments | ask | show | jobs | submit login

Hm, can somebody explain what threat two-factor ssh-login is a response to?

If somebody went through the trouble of owning your machine, can't they bypass the two-factor as well? Yes, it requires a more "live" and target attack, but one would think ssh attacks like these are pretty targeted in the first place. Or? What am I missing?




Maybe I'm missing some assumptions of yours, but for me the reason to do that is to .. protect the ssh login.

Who talks about a machine that is owned? This is about an additional requirement to log on to a service, be it ssh or email. Whether you're reusing your password, sharing it or just use a really bad one this adds an additional step to impersonate you.


Yeah, but you can log-in with private keys instead of passwords, so that problem was solved a long time ago.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: