On Mon, Sep 18, 2000 at 09:18:05PM -0300, Henrique M Holschuh wrote: > Yeah, those do solve the worst problem with OPIE. There's nothing wrong with > OTPs when properly designed (i.e.: no sheets of paper ;-) ), but since the > original poster was talking about OPIE...
Using OPIE doesn't mean you have to carry around "sheets of paper." OPIE is perfectly capable of authenticating against OTPs generated by any S/Key-compatible generator. So.. re-focusing on trying to solve his problem would be a big help to him as well as everyone else. ;) Anyway regarding OPIE usage with OpenSSH, it supports S/Key auth natively but AFAICT the reason OPIE doesn't work correctly has something to do with ssh and/or PAM not being able to print the challenge correctly. I really don't know the whole story, but I was trying to figure a way to get OPIE working with OpenSSH myself and saw something to this effect on the portable OpenSSH development list archive. Seems to me the correct way to support OPIE MAY be to petition the developers to include it. In fact, there is a patch already floating around that does this (seen on the aforementioned list archive), though it was for an older version of OpenSSH so I haven't tried it. Note that I am using a self-compiled installation; that patch may be appropriate for the Debian-provided version... check to see.
