[SOLVED] Re: openssh, pam and debian: how to configure ssh to use custom pam authentication module
- From: Angelin Lalev <lalev.angelin@xxxxxxxxx>
- Date: Tue, 17 Mar 2009 21:11:13 +0200
Problem solved. All I had to do was to
disable PasswordAuthentication and set UsePAM to yes.
On Sun, Mar 15, 2009 at 12:19 PM, Angelin Lalev <lalev.angelin@xxxxxxxxx> wrote:
I want to install Debian "Lenny" server to be used from my students
from the computer labs of my university.
The labs have quite regularly monitored network infrastructure with
switches which support mac access lists.
Together with ssh that makes possibility of man in the middle and
eavesdropping attacks quite negligible.
Unfortunately, the main danger in the labs comes from the quite
liberal access to the operating system,
given to the students, which doesn't prevent effectively enough
installation of key loggers and trojaned versions
of some programs.
That's why I was thinking about using one-time password authentication
for my server (along with say write protected
usb flash with ssh client written on).
Directed by some postings on Debian mailing lists I found otpw package
and made it work for regular
logins by adding one simple line to pam.d confguration files.
auth sufficient pam_otpw.so
The problem is that no mather what pam.d file for sshd service says,
the sshd displays regular password
prompt at login instead of the "Enter password No XXX" which is needed
for pam_otpw.so to work properly.
There were some suggestions on the mailing lists how to deal with that
very problem on openssh 3.x,
but the modern version of openssh says the suggested options are depreciated.
Which is the way to invoke the proper authentication scheme in modern
versions of openssh?
- Prev by Date: Re: Patch for OpenSSH for Windows to allow authentication through certificates
- Next by Date: "SIOCSIFNETMASK: Cannot assign requested address" when using -w
- Previous by thread: openssh, pam and debian: how to configure ssh to use custom pam authentication module
- Next by thread: OpenSSH/WinSCP - Login-"Problem"