jago25_98
Apprentice
Joined: 23 Aug 2002
Posts: 180
|
 Posted: Wed Oct 13, 2010 10:18 am Post subject: Opie-server (s/key) |
 |
|
I've enabled opie-server opie-client,
sorted /etc/pam.d/sshd ,
etc/ssh/sshd_config,
restarted ssh,
done opiepasswd -cf (for testing)
...but on login I'm only asked for `Using keyboard-interactive authentication` ... I then have to type in my normal password twice (?)
I need to get this right. I don't want to lock myself out.
What I'd really like is the option to put in a normal password, but also have the choice to respond to a challange using a opie key generator. Is that result possible?
Contents of /etc/pam.d/sshd:
| Code: | # PAM configuration for the Secure Shell service
# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth required pam_env.so envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# Disallow non-root logins when /etc/nologin exists.
account required pam_nologin.so
# Uncomment and edit /etc/security/access.conf if you need to set complex
# access limits that are hard to express in sshd_config.
# account required pam_access.so
# Standard Un*x authorization.
@include common-account
# Standard Un*x session setup and teardown.
@include common-session
# Print the message of the day upon successful login.
session optional pam_motd.so # [1]
# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # [1]
# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so
# Set up SELinux capabilities (need modified pam)
# session required pam_selinux.so multiple
# Standard Un*x password updating.
#@include common-password
auth sufficient pam_unix.so
auth sufficient pam_opie.so
auth required pam_deny.so |
|
|
Networking & Security
