S/KEY Authentication

From ArchWiki
Revision as of 18:34, 20 October 2018 by Larivact (talk | contribs) (change category to Category:Authentication)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Tango-view-refresh-red.pngThis article or section is out of date.Tango-view-refresh-red.png

Reason: No longer packaged. (Discuss in Talk:S/KEY Authentication#)

This guide shows you how you can enable S/KEY one-time password authentication on your Arch.

Warning: Do following actions on secure connection from a secure computer. A chain is as strong as its weakest link.

Install opie

Install the following packages from the AUR:

Config pam module

In /etc/pam.d tweak config files for wanted logins. I tweaked sshd and sudo. Do the following to selected files:

auth  required  pam_unix.so
change to (note order)-->
auth sufficient pam_unix.so
auth sufficient pam_opie.so

If you want to use SSH, change ChallengeResponseAuthentication to yes in /etc/ssh/sshd_config

Create an OTP key

As your user (no root), run:

# opiepasswd -c

After entering a passphrase you get your OTP key:

ID busk OTP key is 499 fe6839

Get yourself some passwords

# opiekey -n 20 499 fe6839

OR alternative way for Java-enabled mobile phone owners: Get VeJotp, It's free and you can generate passwords on the run.

Now, when you ssh to your box, hit Enter to the password prompt and you will be prompted for onetime password.

This guide is based on [1]