

One-time Passwords in OpenBSD - rbc
http://www.openbsd.org/faq/faq8.html#SKey

======
aftbit
What is the point of this? Why not just use SSH or other encrypted channel
always?

~~~
rbc
With ssh, you still have to trust the originating endpoint. Even if you
encrypt the local ssh private key, you still have to decrypt it by typing in
the password that you encrypted it with. That opens the door for a key-logger
to capture the password, providing an opportunity for persistent access to the
remote host. I think that one-time passwords can be a useful adjunct
authentication method, even when using ssh. When you can trust both local and
remote host, I think key pairs are just fine.

