[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OATH-toolkit-help] OpenSSH publickey AND OTP/password
|
From: |
Simon Josefsson |
|
Subject: |
[OATH-toolkit-help] OpenSSH publickey AND OTP/password |
|
Date: |
Sun, 23 Jan 2011 21:25:36 +0100 |
|
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux) |
Simon Josefsson <address@hidden> writes:
>> If there's a ssh authorized_key it seems to override password
>> authenticate totally. Ideally I'd like to combine ssh keys AND OTP, but
>> I haven't worked out that setup yet.
>
> Right, if OpenSSH is using 'publickey' there is no PAM involvement at
> all. Or, well, it probably does session management via PAM, but not
> authentication. I would also like to see both publickey + OTP. I don't
> recall if this is a protocol limitation -- can the SECSH protocol use
> multiple authentication methods at all?
I looked into this a bit more and found this issue:
https://bugzilla.mindrot.org/show_bug.cgi?id=983
Unfortunately I don't see this patch in the latest 5.6p1 release. We'll
have to wait a bit more. If anyone here has the time to test the patch
and with pam_oath, feedback on that would be great.
/Simon