Secure ssh with One Time Password
Used with an ssh server to make the login process more difficult :)
Server side
First we have to install required packages:
apt-get install opie-server opie-client libpam-opie
Then edit the file /etc/pam.d/sshd and replace the line @include common-auth with these lines:
#@include common-auth
auth sufficient pam_opie.so
auth required pam_deny.so
Next, edit /etc/ssh/sshd_config and change or add (if not present) the following line:
ChallengeResponseAuthentication yes
After that, restart the ssh daemon:
/etc/init.d/ssh restart
Add users with the command
opiepasswd -fc username
With it you add the users who can log in with opie.
cat /etc/opiekeys
username 0497 pi8493 6b2fceacea9c453a Jan 02,2009 10:46:14
Number 0497 means that username has 497 successful login tries left. After that the password or the number should be changed.
Client side
apt-get install opie-client
On the first console, try to connect to the server:
#ssh user@server
otp-md5 497 ab8493 ext, Response:
Copy the server's challenge to another console and type your opie password:
#otp-md5 497 ab8493
Using the MD5 algorithm to compute response.
Reminder: Don't use opiekey from telnet or dial-in sessions.
Enter secret pass phrase:"type your opie password here"
CORE FEAR LAUD RUTH NICK HURD
Copy the password generated by opie to the first console after the word 'Response':
#ssh user@server
otp-md5 497 ab8493 ext, Response:CORE FEAR LAUD RUTH NICK HURD