On Wed, Mar 27, 2019 at 11:05 AM Daniel Jakots <[email protected]> wrote:
> On Wed, 27 Mar 2019 05:34:49 -0400, Boris Epstein > <[email protected]> wrote: > > > It is interesting because some people mention combined methods - like > > SSL hostkey + some second factor being used just in that fashion: > > > > https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html > > > > But based on my experience thus far it looks like Ted is right. So I > > may have to write a utility for combined login. What should that > > utility do - call the two methods in question and return true or > > false depending on whether they succeed? > > You can actually look at the auth plugin this (brilliantly written btw, > *cough* ;)) blog article mentions. login_oauth allows you to use totp > and a password: > > > DESCRIPTION > > The login_totp-and-pwd program attempts to authenticate the user > > via a combination of password authentication and an OATH time-based > > one-time password > > (quote from login_totp-and-pwd.8). > > Cheers, > Daniel > Thanks Daniel! This is a nice piece of code indeed: https://github.com/WIZARDISHUNGRY/totp-util But I don't see the login_<whatever> code there - which would be helpful if I were to write a login plugin. Do you know where that code would be? Boris.
