#11828: Look into using one-time-passwords as secondary authentication method for baron
-------------------------+----------------------------
   Reporter:  zooey      |      Owner:  haiku-sysadmin
       Type:  task       |     Status:  new
   Priority:  normal     |  Milestone:
  Component:  Sys-Admin  |    Version:
 Resolution:             |   Keywords:
 Blocked By:             |   Blocking:
Has a Patch:  0          |   Platform:  All
-------------------------+----------------------------

Comment (by zooey):

 Replying to [comment:11 Centinel]:
 > I successfully set up TOTP two-factor authentication via oath on
 > jprostko's test server. In my setup, members of the 'otpusers' group are
 > required to present an OTP when logging in via SSH. In the interest of
 > avoiding proprietary software (Google Authenticator), I successfully used
 > mOTP and FreeOTP to generate OTPs.

 Great, good work! I personally wouldn't want to use stuff like Google
 Authenticator either (I use FreeOTP), but I suppose each admin may use
 whatever they can live with.

 > I'll wait for him to double-check my work, but if it checks out,
 > hopefully we can move forward with testing.
 >
 > It's worth noting that two-factor authentication only seems to work with
 > password-based SSH logins; if you are using SSH keys, it will ignore
 > two-factor authentication and log you in directly.

 Ouch - we should try to overcome that, as we are using key-based
 authentication exclusively. Do you think this is a general (i.e.
 unavoidable) problem or is it rather that you have observed that behaviour
 and there may be ways to fix that?

--
Ticket URL: <https://dev.haiku-os.org/ticket/11828#comment:13>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
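
Added example, not part of the ticket or of Haiku's server configuration: OpenSSH's `AuthenticationMethods` option can require a public key and a keyboard-interactive (PAM) prompt in the same login, and the check below reads `sshd -T` output to report whether a key-only login would skip the OTP step. It assumes the OTP is asked through keyboard-interactive PAM; the function name, the user `alice` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket). Assumption: the OTP is asked through
# sshd's keyboard-interactive method (PAM), so a method list without that
# step lets a login finish without an OTP.
# On a real host (as root):
#   sshd -T -C user=alice,host=client.example,addr=192.0.2.10 | otp_bypass_check
# ("alice", the host and the address are placeholders.)

# Constructed sample: a valid key alone is enough.
SAMPLE_KEY_ONLY='pubkeyauthentication yes
authenticationmethods any'

# Constructed sample: key AND keyboard-interactive prompt are both required,
# e.g. from "AuthenticationMethods publickey,keyboard-interactive:pam"
# inside a "Match Group otpusers" block of sshd_config.
SAMPLE_KEY_PLUS_OTP='pubkeyauthentication yes
authenticationmethods publickey,keyboard-interactive:pam'

# Reads "keyword value" lines as printed by sshd -T on stdin.
# Returns 0 when every permitted method list contains keyboard-interactive,
# 1 when at least one list (or the default "any") does not.
otp_bypass_check() {
    awk '
        $1 == "authenticationmethods" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                n = split($i, m, ",")
                ok = 0
                for (j = 1; j <= n; j++)
                    if (m[j] == "keyboard-interactive" ||
                        index(m[j], "keyboard-interactive:") == 1)
                        ok = 1
                if (!ok) bad = bad " " $i
            }
        }
        END {
            if (!seen) bad = " any"
            if (bad != "") {
                print "BYPASS: method lists without an OTP step:" bad
                exit 1
            }
            print "OK: every method list includes keyboard-interactive"
        }'
}

printf '%s\n' "$SAMPLE_KEY_ONLY" | otp_bypass_check || true
printf '%s\n' "$SAMPLE_KEY_PLUS_OTP" | otp_bypass_check
```

The check covers only the sshd side; the PAM stack behind keyboard-interactive still has to call the OTP module for the prompt to be an OTP prompt.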