So in a flash of blinding insight I decided to read the PAM documentation. Duh. Anyways I solved my problem and thought I would just post what I did in case anyone else was interested.
The first part of /etc/pam.d/ssh looks like this: #%PAM-1.0 auth required pam_nologin.so auth sufficient pam_unix.so auth required pam_opie.so auth required pam_env.so # [1] The rest is unchanged. I believe what this does it grabs a password from the user. If the password matches the unix password that is sufficient to identify the user. If that doesn't work it requires that the password is authenticated with the OPIE module. I've tried it out and it seems to work. Thanks, Jeff On Fri, Jun 13, 2003 at 11:40:36AM -0600, Jeffrey Clement wrote: > Good morning everyone, > > I'm trying to setup one of my machines to allow use of one time > passwords with SSH. The reason being is I often login to my machine on > untrusted machines and I would prefer not to compromise my passwords. I > would also like to be able to login using my normal password when I am > on a trusted client. > > I am using Debian 3 stable and OpenSSH. I installed the opie-client, > opie-server and libpam-opie packages. > > As I understand it I should now edit the pam config for SSH to allow > authentication using *either* the unix passwd or opie. Unfortunately > this is where I am lost. I can't find any documentation on what I'm > trying to do. > > I gather I need to add something like: > auth require pam_opie.so to the /etc/pam.d/ssh file but I know there is > more to it than that. > > Anyone have any ideas? > > Thanks, > Jeff
pgp00000.pgp
Description: PGP signature
