Subject: Re: ssh - are you nuts?!?
To: Jason R Thorpe <>
From: Simon J. Gerraty <>
List: tech-security
Date: 12/17/2000 14:01:16
>There are OTP authentication mechanisms available for SSH.  And an OTP
>authenticated telnet session isn't going to be encrypted, so you still
>run the risk of having your keystrokes sniffed.

Sniffing is perhaps the lesser issue.  Without session integrity checks 
(and encryption provides a good form), your authenticated telnet session
can be stollen from you - thus strong authentication by itself is
almost useless.