[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

openssh, pam and debian: how to configure ssh to use custom pam authentication module



Hi,

I want to install Debian "Lenny" server to be used from my students
from the computer labs of my university.
The labs have quite regularly monitored network infrastructure with
switches which support mac access lists.
Together with ssh that makes possibility of man in the middle and
eavesdropping attacks quite negligible.
Unfortunately, the main danger in the labs comes from the quite
liberal access to the operating system,
given to the students, which doesn't prevent effectively enough
installation of key loggers and trojaned versions
of some programs.

That's why I was thinking about using one-time password authentication
for my server (along with say write protected
usb flash with ssh client written on).

Directed by some postings on Debian mailing lists I found otpw package
and made it work for regular
logins by adding one simple line to pam.d confguration files.

auth    sufficient    pam_otpw.so

The problem is that no mather what pam.d file for sshd service says,
the sshd displays regular password
prompt at login instead of the "Enter password No XXX" which is needed
for pam_otpw.so to work properly.

There were some suggestions on the mailing lists how to deal with that
very problem on openssh 3.x,
but the modern version of openssh says the suggested options are depreciated.

Which is the way to invoke the proper authentication scheme in modern
versions of openssh?

[Home]     [Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Add to Google Powered by Linux