[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to use libpam-otpw?

On Tue, 07 Dec 2010 09:35:24 +0800, Magicloud Magiclouds wrote:

> Hi,
>   I installed libpam-otpw a few days ago and configured it as:
> --- /etc/ssh/sshd_config ---
> UsePrivilegeSeparation no
> ChallengeResponseAuthentication yes
Shouldn't that be set to "no"? :-?

> --- /etc/pam.d/sshd ---
> #@include common-auth
> auth required pam_otpw.so
> session optional pam_otpw.so
>   Now when I login, it prompt me for the one time password. But if I
> just press Enter for three times, it asks me for normal password again.
> Is this correct, or my configuration is wrong?

Hmmm... so you want to completely avoid pam logins within sshd and 
enforce a one-time-password policy? I think you could fall into troubles 
if you can't get a renewed key-combo and you lost your ssh connection/

There are some settings you can try in your "/etc/ssh/sshd" ("UsePAM no" 
and "PasswordAuthentication no") but *be very careful with these* and *do 
not change them* unless you have physical access to the server or you can 
get stuck and not able to login remotely :-/



Reply to: