{"id":11,"date":"2006-05-20T16:47:34","date_gmt":"2006-05-20T14:47:34","guid":{"rendered":"http:\/\/gcolpart.evolix.net\/blog21\/otp-on-debian-system\/"},"modified":"2006-05-24T22:43:50","modified_gmt":"2006-05-24T20:43:50","slug":"otp-on-debian-system","status":"publish","type":"post","link":"https:\/\/gcolpart.evolix.net\/blog21\/otp-on-debian-system\/","title":{"rendered":"OTP on Debian system"},"content":{"rendered":"<p>When you are not in your secure hacklab, and you login on your Debian systems (laptop, remote server), it&#8217;s not secure to enter your very private password (&#8220;please, could you see ceiling&#8221; is not a secure way).<\/p>\n<p>Then you could use OTP (One Time Password) way.<br \/>\nOn Debian system, do this :<\/p>\n<p><code># (apt-get|aptitude) install opie-server<\/code><\/p>\n<p>Add pam_opie.so in your PAM info. For example, in pam.d\/ssh (or pam.d\/common-auth for all your pam.d\/foo), modify to have :<\/p>\n<p><code>auth sufficient pam_unix.so<br \/>\nauth sufficient pam_opie.so<br \/>\nauth required pam_deny.so<\/code><\/p>\n<p>Your systeam is now ready for OTP.<\/p>\n<p>To use it, log you and :<\/p>\n<p><code>$ opiepasswd -f -c<\/code><br \/>\n(You must choose a secret pass phrase to generate your OTP)<\/p>\n<p>Generate 10 passwords for example :<\/p>\n<p><code>$ opiekey -n 10 497 ab1234<\/code><br \/>\n(Enter your secret pass phrase)<\/p>\n<p>In this example, 497 is your current seq number and ab1234 is your seed. You could known them with opieinfo command (only if \/etc\/opiekeys is chmod 644).<\/p>\n<p>Print your 10 passwords (with your printer or you hand if you are paranoiac) and you could use them. For example, OTP login :<\/p>\n<p><code>homer login : jdoe<br \/>\nPassword : [enter]<br \/>\notp-md5 497 ab1234 ext, Response : [enter your OTP number 497][enter]<br \/>\nWelcome !!<br \/>\njdoe@homer:~$<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When you are not in your secure hacklab, and you login on your Debian systems (laptop, remote server), it&#8217;s not secure to enter your very private password (&#8220;please, could you see ceiling&#8221; is not a secure way). Then you could use OTP (One Time Password) way. On Debian system, do this : # (apt-get|aptitude) install [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,3],"tags":[],"class_list":["post-11","post","type-post","status-publish","format-standard","hentry","category-debian","category-english"],"_links":{"self":[{"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/posts\/11","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":0,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"wp:attachment":[{"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/tags?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}