Re: How to use libpam-otpw?
On Tue, 07 Dec 2010 09:35:24 +0800, Magicloud Magiclouds wrote:
> I installed libpam-otpw a few days ago and configured it as:
> --- /etc/ssh/sshd_config ---
> UsePrivilegeSeparation no
> ChallengeResponseAuthentication yes
Shouldn't that be set to "no"? :-?
> --- /etc/pam.d/sshd ---
> #@include common-auth
> auth required pam_otpw.so
> session optional pam_otpw.so
> Now when I login, it prompt me for the one time password. But if I
> just press Enter for three times, it asks me for normal password again.
> Is this correct, or my configuration is wrong?
Hmmm... so you want to completely avoid pam logins within sshd and
enforce a one-time-password policy? I think you could fall into troubles
if you can't get a renewed key-combo and you lost your ssh connection/
There are some settings you can try in your "/etc/ssh/sshd" ("UsePAM no"
and "PasswordAuthentication no") but *be very careful with these* and *do
not change them* unless you have physical access to the server or you can
get stuck and not able to login remotely :-/