Hi

I read with interest your "Gentoo Linux Security Guide". My security
needs are a bit different from the multi-user server. I am the only
user, and the only internet service I run is ssh, so I can use my
software/files when I am not home.

I was only looking for one-time-passwords for ssh. This is nice for
minimizing risks when logging on to a computer from public terminals
etc. Maybe there should be a doc on how to do this in the Gentoo user docs?

I found this in Markus Kuhn's program OTPW
(http://www.cl.cam.ac.uk/~mgk25/otpw.html). The installation is quite
easy, but there are some configuration changes (/etc/pam.d/sshd and
/etc/ssh/sshd_config). I have tried to write down how I did that on my
computer, which is a pretty fresh and standard Gentoo installation.

You do exactly as told on his homepage: Download and untar otpw as a
normal user. Look over ENTROPY_CMDS in conf.h. Compile otpw as a normal
user. Copy pam_otpw.so to /lib/security and use otpw-gen to create a
list of one-time-passwords. Then you must add

UsePrivilegeSeparation no
UsePAM yes

to /etc/ssh/sshd_config and in /etc/pam.d/sshd you must replace the line

auth required pam_unix.so nullok

with

auth required pam_otpw.so

and add

session optional pam_otpw.so

at the end.

Yours,

Dag Hovland

P.S.: Thanks for a great distro!

--
gentoo-hardened@g.o mailing list
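
Added example, not part of the original message and not OTPW's own code: a small audit that checks copies of sshd_config and /etc/pam.d/sshd against the end state described above, including whether a leftover pam_unix.so auth line would still accept the normal password. The function names and the sample files are constructed for illustration, and only whitespace-separated PAM lines are assumed.

```sh
#!/bin/sh
# Effective global value of a keyword: keywords are case-insensitive, the
# first occurrence wins, and anything after a Match line is conditional.
sshd_value() {  # $1 = sshd_config file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Count active PAM lines of type $2 whose module (path stripped) is $4 and,
# unless $3 is "any", whose control flag is $3.
pam_count() {  # $1 = PAM file, $2 = type, $3 = control or "any", $4 = module
    awk -v t="$2" -v c="$3" -v m="$4" '
        /^[ \t]*#/ { next }
        { mod = $3; sub(/.*\//, "", mod) }
        $1 == t && (c == "any" || $2 == c) && mod == m { n++ }
        END { print n + 0 }' "$1"
}

check_otpw_setup() {  # $1 = sshd_config, $2 = PAM file; returns number of findings
    n=0
    [ "$(sshd_value "$1" UsePAM)" = "yes" ] ||
        { echo "UsePAM is not 'yes': sshd will not consult PAM"; n=$((n + 1)); }
    [ "$(pam_count "$2" auth required pam_otpw.so)" -gt 0 ] ||
        { echo "no 'auth required pam_otpw.so' line"; n=$((n + 1)); }
    [ "$(pam_count "$2" auth any pam_unix.so)" -eq 0 ] ||
        { echo "pam_unix.so is still in the auth stack"; n=$((n + 1)); }
    [ "$(pam_count "$2" session optional pam_otpw.so)" -gt 0 ] ||
        { echo "no 'session optional pam_otpw.so' line"; n=$((n + 1)); }
    if [ "$(sshd_value "$1" UsePrivilegeSeparation)" = "no" ]; then
        echo "note: privilege separation is off, as in the message's sshd_config"
    fi
    return "$n"
}

# Constructed sample files in the message's end state; the duplicate UsePAM
# line shows that only the first occurrence counts.
d=$(mktemp -d)
printf '%s\n' '# constructed sample' 'UsePrivilegeSeparation no' \
    'usepam yes' 'UsePAM no' > "$d/sshd_config"
printf '%s\n' '#auth required pam_unix.so nullok' 'auth required pam_otpw.so' \
    'account required pam_unix.so' 'session optional pam_otpw.so' > "$d/pam_sshd"
if check_otpw_setup "$d/sshd_config" "$d/pam_sshd"; then
    echo "sample files match the described setup"
fi
```

Run it against copies of the real files, for example `check_otpw_setup /etc/ssh/sshd_config /etc/pam.d/sshd`; the return code is the number of findings.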