| 1 |
Hi |
| 2 |
|
| 3 |
I read with interest your "Gentoo Linux Security Guide". My security |
| 4 |
needs are a bit different from the multi-user server. I am the only |
| 5 |
user, and the only internet service I run is ssh, so I can use my |
| 6 |
software/files when I am not home. |
| 7 |
|
| 8 |
I was only looking for one-time-passwords for ssh. This is nice for |
| 9 |
minimizing risks when logging on to a computer from public terminals |
| 10 |
etc. Maybe there should be a doc on how to do this in the gentoo user docs? |
| 11 |
|
| 12 |
I found this in Markus Kuhns program OTPW |
| 13 |
(http://www.cl.cam.ac.uk/~mgk25/otpw.html). The installation is quite |
| 14 |
easy, but there are some configuration changes (/etc/pam.d/sshd and |
| 15 |
/etc/ssh/sshd_config). I have tried to write down how I did that on my |
| 16 |
computer, which is a pretty fresh and standard gentoo installation. |
| 17 |
|
| 18 |
|
| 19 |
You do exactly as told on his homepage : Download and untar otpw as a |
| 20 |
normal user. Look over ENTROPY_CMDS in conf.h. Compile otpw as a normal |
| 21 |
user. Copy pam_otpw.so to /lib/security and use otpw-gen to create a |
| 22 |
list of one-time-passwords. Then you must add |
| 23 |
|
| 24 |
UsePrivilegeSeparation no |
| 25 |
UsePAM yes |
| 26 |
|
| 27 |
to /etc/ssh/sshd_config and in /etc/pam.d/sshd you must replace the line |
| 28 |
|
| 29 |
auth required pam_unix.so nullok |
| 30 |
|
| 31 |
with |
| 32 |
|
| 33 |
auth required pam_otpw.so |
| 34 |
|
| 35 |
and add |
| 36 |
|
| 37 |
session optional pam_otpw.so |
| 38 |
|
| 39 |
at the end. |
| 40 |
|
| 41 |
Yours, |
| 42 |
|
| 43 |
Dag Hovland |
| 44 |
|
| 45 |
P.s.:Thanks for a great distro! |
| 46 |
|
| 47 |
|
| 48 |
-- |
| 49 |
gentoo-hardened@g.o mailing list |
Archives