#11828: Look into using one-time-passwords as secondary authentication method for baron -------------------------+---------------------------- Reporter: zooey | Owner: haiku-sysadmin Type: task | Status: new Priority: normal | Milestone: Component: Sys-Admin | Version: Resolution: | Keywords: Blocked By: | Blocking: Has a Patch: 0 | Platform: All -------------------------+---------------------------- Comment (by jprostko): Replying to [comment:11 Centinel]: > I successfully set up TOTP two-factor authentication via oath on jprostko's test server. In my setup, members of the 'otpusers' group are required to present an OTP when logging in via SSH. In the interest of avoid proprietary software (Google Authenticator), I succcessfully used mOTP and FreeOTP to generate OTPs. Nice! > I'll wait for him to double-check my work, but if it checks out, hopefully we can move forward with testing. I'll try to take a look around later tonight. > It's worth noting that two-factor authentication only seems to work with password-based SSH logins; if you are using SSH keys, it will ignore two- factor authentication and log you in directly. I'm pretty sure that you can define `AuthenticationMethods` in sshd_config to get around this limitation, but I could be wrong. I mean, on some of my own servers, I require a public key, followed by the account password on the server, and it works well. -- Ticket URL: <https://dev.haiku-os.org/ticket/11828#comment:12> Haiku <https://dev.haiku-os.org> Haiku - the operating system.