Re: How to use libpam-otpw?

To: debian-user@lists.debian.org
Subject: Re: How to use libpam-otpw?
From: Camaleón <noelamac@gmail.com>
Date: Tue, 7 Dec 2010 11:09:01 +0000 (UTC)
Message-id: <[🔎] pan.2010.12.07.11.09.00@gmail.com>
References: <[🔎] AANLkTikFidMszXUdybXsu0Cer3_NJjzJfXar_AfMxg6F@mail.gmail.com>

On Tue, 07 Dec 2010 09:35:24 +0800, Magicloud Magiclouds wrote:

> Hi,
>   I installed libpam-otpw a few days ago and configured it as:
> --- /etc/ssh/sshd_config ---
> UsePrivilegeSeparation no
> ChallengeResponseAuthentication yes
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Shouldn't that be set to "no"? :-?

> --- /etc/pam.d/sshd ---
> #@include common-auth
> auth required pam_otpw.so
> session optional pam_otpw.so
> 
>   Now when I login, it prompt me for the one time password. But if I
> just press Enter for three times, it asks me for normal password again.
> Is this correct, or my configuration is wrong?

Hmmm... so you want to completely avoid pam logins within sshd and 
enforce a one-time-password policy? I think you could fall into troubles 
if you can't get a renewed key-combo and you lost your ssh connection/
link.

There are some settings you can try in your "/etc/ssh/sshd" ("UsePAM no" 
and "PasswordAuthentication no") but *be very careful with these* and *do 
not change them* unless you have physical access to the server or you can 
get stuck and not able to login remotely :-/

Greetings,

-- 
Camaleón

Reply to:

References:
- How to use libpam-otpw?
  - From: Magicloud Magiclouds <magicloud.magiclouds@gmail.com>

Prev by Date: Re: apt-pinning: repo-names.
Next by Date: Re: Problems with fast user switcher applet
Previous by thread: How to use libpam-otpw?
Next by thread: Re: How to use libpam-otpw?
Index(es):
- Date
- Thread