[CentOS] 2way authentication for SSH?

Wed Jan 30 14:03:28 UTC 2013
Robert Moskowitz <rgm at htt-consult.com>

On 01/30/2013 08:40 AM, Nux! wrote:
> On 28.01.2013 13:07, SilverTip257 wrote:
>> Google Auth
>> http://www.noktec.be/archives/1351
>> http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secures-linux-logins-392
>> http://prasys.info/2012/10/two-way-authentication-for-wordpress/
> How can one be concerned with security AND put his login at the mercy
> of google (or any other 3rd party)??

It depends on what the 3rd party is doing.  In the case of PKI, the 3rd 
party is providing an attestation service.  This is normally good, and 
presents little risk to the user(s).  Exposure to tracking usage would 
be if OCSP (online cert checking, I suspect I got the wrong letters 
here) is used.

In the case of federated password identities and things like SAML and 
JSON, security CAN be good, but tracking is high.

Disclaimer:  I am in the 3rd party authentication business.  I am 
involved with Verizon's UIS (do a Google search on it :) ) and PKI.