Posted Sep 2, 2011 7:59 UTC (Fri) by dugsong
In reply to: Two-factor authentication
Parent article: kernel.org compromised
Nothing's perfect, but a practical defense is to use your smartphone for out-of-band verification.
Disclaimer: Our company, Duo Security, provides this for free to open-source projects. Because it's the right thing to do!
As an aside, PAM and pubkey auth in OpenSSH are mutually exclusive. We work around this with a simple login_duo utility that doesn't require sshd restart, or even root access.