Re: OTP (opie) and ssh
On Mon, Sep 18, 2000 at 09:18:05PM -0300, Henrique M Holschuh wrote:
> Yeah, those do solve the worst problem with OPIE. There's nothing wrong with
> OTPs when properly designed (i.e.: no sheets of paper ;-) ), but since the
> original poster was talking about OPIE...
Using OPIE doesn't mean you have to carry around "sheets of paper."
OPIE is perfectly capable of authenticating against OTPs generated by
any S/Key-compatible generator.
So.. re-focusing on trying to solve his problem would be a big help to
him as well as everyone else. ;)
Anyway regarding OPIE usage with OpenSSH, it supports S/Key auth
natively but AFAICT the reason OPIE doesn't work correctly has something
to do with ssh and/or PAM not being able to print the challenge
correctly. I really don't know the whole story, but I was trying to
figure a way to get OPIE working with OpenSSH myself and saw something
to this effect on the portable OpenSSH development list archive.
Seems to me the correct way to support OPIE MAY be to petition the
developers to include it. In fact, there is a patch already floating
around that does this (seen on the aforementioned list archive), though
it was for an older version of OpenSSH so I haven't tried it. Note that
I am using a self-compiled installation; that patch may be appropriate
for the Debian-provided version... check to see.