Openssh

‹ show all tags | rss feed ›

OpenSSH + OATH-TOTP

I dug a little further after my last post and stumbled upon this excellent blog post. It turns out that using the libpam-oath module for two-factor authentication is a lot easier than the challenge-response module and it works rather fabulously. I will document the steps I took here. Again, all credit goes to the author of that blog post above - I mainly followed his explanations and links. What we are going to do We want to enable two-factor authentication when logging in via ssh. read on »

OpenSSH + YubiKey HMAC-SHA1 challenge-response

_First off: this does not work as I wanted it to work .. it has some interesting implications though._ The idea I am using a YubiKey NEO for various things. It holds my PGP keys in its secure element and has the YubiKey slots configured to use HMAC-SHA1 challenge response and static password. You can for example unlock your KeePass(X) database using OATH-HOTP or the challenge-response mechanism. The idea was to use the PAM module in its challenge-response mode for authentication during SSH logins. read on »