Using one-time passwords (OTP) is a good idea these days. Luckily, it's very easy to set up.
Make sure the /etc/skey directory exists:
jack:/jack:37# sudo skeyinit -E
jack:/jack:38# skeyinit
The output of the second command includes a command that has been generated for you, similar to:
otp-md5 100 bdsd523700
Execute that command, adding the -n switch so that a list of passwords is generated that you can take with you.
jack:/jack:39# otp-md5 -n 50 100 bdsd523700
Reminder - Do not use this program while logged in via telnet.
Enter secret passphrase:
51: JILT YARD DARE WORM LARK CASE
52: GOOD VOTE NAN ITCH PUP DAM
53: BETH WAKE LACK MIT HANS DARE
54: MORT MAIL BANE LAP RODE YANG
[...snip...]
When you attempt to log in, use the following command structure:
ssh -l jack:skey [ip.ad.dr.ess]
A special prompt will also appear when the server recognizes that your user has an skey configuration. It will tell you which password to enter, counting down from 100.
jack/jack:45#> ssh -l jack:skey 10.200.1.254
otp-md5 97 bdsd29579
S/Key Password:
It's asking for the password on line 97.
I don't quite understand the method of the counting, but it doesn't really matter much.
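The countdown comes from the hash chain behind otp-md5 (the RFC 2289 construction). The sketch below is an added example, not code from the original post or from the skey tools: it prints hex instead of the six-word encoding, the passphrase is constructed, and the `Server` class and its starting state (sequence 100 stored, first challenge 99) are assumptions made for illustration.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5, then XOR the two 8-byte halves into a 64-bit value."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, seq: int) -> bytes:
    """Password number `seq`: hash seed+passphrase, then `seq` more rounds."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value

class Server:
    """Hypothetical verifier: stores the last accepted OTP, never the passphrase."""
    def __init__(self, seed: str, seq: int, last_otp: bytes):
        self.seed, self.seq, self.last = seed, seq, last_otp

    def challenge(self) -> str:
        # Ask for the password one step *earlier* in the chain.
        return f"otp-md5 {self.seq - 1} {self.seed}"

    def verify(self, candidate: bytes) -> bool:
        # The server can only hash forward: one round over the submitted
        # value must reproduce the value it already holds.
        if not hmac.compare_digest(fold_md5(candidate), self.last):
            return False
        self.last, self.seq = candidate, self.seq - 1
        return True

def demo():
    passphrase, seed = "constructed example passphrase", "bdsd523700"
    server = Server(seed, 100, otp(passphrase, seed, 100))
    results = []
    for _ in range(3):
        n = int(server.challenge().split()[1])
        pw = otp(passphrase, seed, n)   # what the printed list holds on line n
        accepted = server.verify(pw)
        replayed = server.verify(pw)    # same password again: must fail
        results.append((n, pw.hex(), accepted, replayed))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Each accepted password becomes the new stored value, so a captured password is useless for the next login, and the list runs out when the counter reaches zero.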
I got all this info from here
I wonder if I can restrict sshd to only accept skey authentication?