[haiku-bugs] Re: [Haiku] #11828: Look into using one-time-passwords as secondary authentication method for baron
- From: "jprostko" <trac@xxxxxxxxxxxx>
- Date: Tue, 10 Feb 2015 20:34:18 -0000
#11828: Look into using one-time-passwords as secondary authentication method
for
baron
-------------------------+----------------------------
Reporter: zooey | Owner: haiku-sysadmin
Type: task | Status: new
Priority: normal | Milestone:
Component: Sys-Admin | Version:
Resolution: | Keywords:
Blocked By: | Blocking:
Has a Patch: 0 | Platform: All
-------------------------+----------------------------
Comment (by jprostko):
Replying to [comment:11 Centinel]:
> I successfully set up TOTP two-factor authentication via oath on
jprostko's test server. In my setup, members of the 'otpusers' group are
required to present an OTP when logging in via SSH. In the interest of
avoid proprietary software (Google Authenticator), I succcessfully used
mOTP and FreeOTP to generate OTPs.
Nice!
> I'll wait for him to double-check my work, but if it checks out,
hopefully we can move forward with testing.
I'll try to take a look around later tonight.
> It's worth noting that two-factor authentication only seems to work with
password-based SSH logins; if you are using SSH keys, it will ignore two-
factor authentication and log you in directly.
I'm pretty sure that you can define `AuthenticationMethods` in sshd_config
to get around this limitation, but I could be wrong. I mean, on some of
my own servers, I require a public key, followed by the account password
on the server, and it works well.
--
Ticket URL: <https://dev.haiku-os.org/ticket/11828#comment:12>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
Other related posts:
