Set up OTP on Debian in minutes
Jan 9, 2005As root install the packages:
apt-get install libpam-opie opie-server opie-client
My systems only permit ssh, so I ignore the other services. Enable it by editing /etc/pam.d/ssh. Comment out the inclusion of common-auth and add the lines so the file reads:
#@include common-auth
auth sufficient pam_opie.so
auth sufficient pam_unix.so nullok_secure
auth require pam_deny.so
It might be incovenient but you can enable it globally by editing /etc/pam.d/common-auth:
#auth required pam_unix.so nullok_secure.
auth sufficient pam_opie.so
auth sufficient pam_unix.so nullok_secure
auth require pam_deny.so
Enable it for the non-root account, by running on a secure console:
opiepasswd -c
That’s it, you’re done! On your next attempt to log in with ssh you should see similar to:
$ ssh myhost.example.com
otp-md5 495 wi01309 ext, Response: