Difference between revisions of "S/KEY Authentication"

From ArchWiki
Jump to: navigation, search
(update Pkg/AUR templates (https://github.com/lahwaacz/wiki-scripts/blob/master/update-package-templates.py))
 
(5 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
[[Category:Security]]
 
[[Category:Security]]
 +
[[ja:S/KEY 認証]]
 +
{{Related articles start}}
 +
{{Related|Secure Shell}}
 +
{{Related|One Time PassWord}}
 +
{{Related|Pam abl}}
 +
{{Related|Google Authenticator}}
 +
{{Related articles end}}
 
This guide shows you how you can enable S/KEY one-time password authentication on your Arch.
 
This guide shows you how you can enable S/KEY one-time password authentication on your Arch.
  
Line 5: Line 12:
  
 
== Install opie ==
 
== Install opie ==
From [https://aur.archlinux.org/packages.php aur], install following packages:
+
Install the following packages from the [[AUR]]:
* libpam-opie
+
* {{AUR|pam-opie}}{{Broken package link|{{aur-mirror|pam-opie}}}}
* opie-client
+
* {{AUR|opie}}{{Broken package link|{{aur-mirror|opie}}}}
* opie-server
+
 
+
(As of today 2010-05-17 packages does not seem to support x86_64 but there is posted a fix on comments of opie-client)
+
  
 
== Config pam module ==
 
== Config pam module ==
Line 36: Line 40:
 
OR alternative way for Java-enabled mobile phone owners:
 
OR alternative way for Java-enabled mobile phone owners:
 
Get [http://fatsquirrel.org/software/vejotp/ VeJotp], It's free and you can generate passwords on the run.
 
Get [http://fatsquirrel.org/software/vejotp/ VeJotp], It's free and you can generate passwords on the run.
 
  
 
Now, when you ssh to your box, hit Enter to the password prompt and you will be prompted for onetime password.
 
Now, when you ssh to your box, hit Enter to the password prompt and you will be prompted for onetime password.
  
 
This guide is based on [http://busk.blogs.lysator.liu.se/2009/12/12/skey-one-time-passwords-using-opie/]
 
This guide is based on [http://busk.blogs.lysator.liu.se/2009/12/12/skey-one-time-passwords-using-opie/]

Latest revision as of 08:45, 25 March 2016

This guide shows you how you can enable S/KEY one-time password authentication on your Arch.

Warning: Do following actions on secure connection from a secure computer. A chain is as strong as its weakest link.

Install opie

Install the following packages from the AUR:

Config pam module

In /etc/pam.d tweak config files for wanted logins. I tweaked sshd and sudo. Do the following to selected files:

auth  required  pam_unix.so
change to (note order)-->
auth sufficient pam_unix.so
auth sufficient pam_opie.so

If you want to use SSH, change ChallengeResponseAuthentication to yes in /etc/ssh/sshd_config

Create an OTP key

As your user (no root), run:

# opiepasswd -c

After entering a passphrase you get your OTP key:

ID busk OTP key is 499 fe6839
MIRE MORE ODE DOME REAM

Get yourself some passwords

# opiekey -n 20 499 fe6839

OR alternative way for Java-enabled mobile phone owners: Get VeJotp, It's free and you can generate passwords on the run.

Now, when you ssh to your box, hit Enter to the password prompt and you will be prompted for onetime password.

This guide is based on [1]