Navigation


RSS / Atom



Set up OTP on Debian in minutes

2005-01-09 , ,

As root install the packages:

apt-get install libpam-opie opie-server opie-client

My systems only permit ssh, so I ignore the other services. Enable it by editing /etc/pam.d/ssh. Comment out the inclusion of common-auth and add the lines so the file reads:

#@include common-auth auth sufficient pam_opie.so auth sufficient pam_unix.so nullok_secure auth require pam_deny.so

It might be incovenient but you can enable it globally by editing /etc/pam.d/common-auth:

#auth required pam_unix.so nullok_secure. auth sufficient pam_opie.so auth sufficient pam_unix.so nullok_secure auth require pam_deny.so

Enable it for the non-root account, by running on a secure console:

opiepasswd -c

That’s it, you’re done! On your next attempt to log in with ssh you should see similar to:

$ ssh myhost.example.com otp-md5 495 wi01309 ext, Response:

Comment


Comments

Commenting is closed for this article.