openssh, pam and debian: how to configure ssh to use custom pam authentication module


I want to install a Debian "Lenny" server to be used by my students
from the computer labs of my university.
The labs have quite regularly monitored network infrastructure with
switches which support mac access lists.
Together with ssh, that makes the possibility of man-in-the-middle and
eavesdropping attacks quite negligible.
Unfortunately, the main danger in the labs comes from the quite
liberal access to the operating system,
given to the students, which doesn't prevent effectively enough
installation of key loggers and trojaned versions
of some programs.

That's why I was thinking about using one-time password authentication
for my server (along with, say, a write-protected
USB flash with an ssh client written on it).

Directed by some postings on Debian mailing lists, I found the otpw package
and made it work for regular
logins by adding one simple line to the pam.d configuration files.

auth sufficient

The problem is that no matter what the pam.d file for the sshd service says,
sshd displays the regular password
prompt at login instead of the "Enter password No XXX" which is needed
for to work properly.

There were some suggestions on the mailing lists on how to deal with that
very problem on openssh 3.x,
but the modern version of openssh says the suggested options are deprecated.

Which is the way to invoke the proper authentication scheme in modern
versions of openssh?
