Secure ssh with One Time Password

One-time passwords can be used with the ssh server to make the login process more difficult :)

Server side

First we have to install required packages:

apt-get install opie-server opie-client libpam-opie

Then edit the file /etc/pam.d/sshd and replace the line @include common-auth with these lines:

#@include common-auth
auth sufficient pam_opie.so
auth required pam_deny.so

Next, edit /etc/ssh/sshd_config and change or add (if it is not present) the line:

ChallengeResponseAuthentication yes

Finally, restart the ssh daemon:

/etc/init.d/ssh restart

Add users with the command

opiepasswd -fc username

This adds the users who can log in with opie.

cat /etc/opiekeys
username 0497 pi8493 6b2fceacea9c453a Jan 02,2009 10:46:14

The number 0497 means that username has 497 successful logins left. After that, the password or the number should be changed.
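
Because each successful login uses up one count, it is worth checking /etc/opiekeys before a user runs out. The script below is an added example, not part of the original page or of the opie packages; the function name opie_low_seq, the default threshold of 20 and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list OPIE users whose remaining login count is running low.
# Assumes the /etc/opiekeys layout shown on this page:
#   username 0497 pi8493 6b2fceacea9c453a Jan 02,2009 10:46:14

# opie_low_seq FILE [THRESHOLD]   (hypothetical helper name)
# Prints "user remaining" for every entry at or below THRESHOLD (default 20).
# Exit status: 0 = nobody is low, 1 = at least one user is low, 2 = FILE unreadable.
opie_low_seq() {
    keyfile=$1
    threshold=${2:-20}
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }
    awk -v max="$threshold" '
        # Ignore blank lines and anything that is not "user seq seed hexhash ..."
        NF < 4 || $2 !~ /^[0-9]+$/ || $4 !~ /^[0-9a-fA-F]+$/ { next }
        {
            remaining = $2 + 0      # "0497" -> 497 (strips the zero padding)
            if (remaining <= max) { print $1, remaining; low = 1 }
        }
        END { exit (low ? 1 : 0) }
    ' "$keyfile"
}

# Constructed sample entries in the same layout (not real accounts or keys).
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice 0497 pi8493 6b2fceacea9c453a Jan 02,2009 10:46:14
bob 0012 xy1234 0123456789abcdef Jan 05,2009 09:00:00
carol 0003 qq0001 fedcba9876543210 Jan 07,2009 18:30:00
EOF

# Prints "bob 12" and "carol 3", then the reminder because the status is 1.
opie_low_seq "$sample" 20 || echo "re-run opiepasswd for the users listed above"
rm -f "$sample"
```

On a real server, run the function as root against /etc/opiekeys, for example from a daily cron job.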

Client side

apt-get install opie-client

In the first console, try to connect to the server:

#ssh user@server
otp-md5 497 ab8493 ext, Response:

Copy the server's response to another console, run it there, and type your opie password:

#otp-md5 497 ab8493
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:"type your opie password here"
CORE FEAR LAUD RUTH NICK HURD

Copy the password generated by opie into the first console, after the word 'Response':

#ssh user@server
otp-md5 497 ab8493 ext, Response:CORE FEAR LAUD RUTH NICK HURD