谭中一 <[email protected]> writes: > Hi,all > > I seek a solution for ssh with otp,then I found oath toolkit. > > My machine : CentOS6.0(in Vbox4.1.6),OpenSSH_5.3p1, OpenSSL 1.0.0-fips, > > follow the README, I Building and installation > oath-toolkit-1.10.4<http://download.savannah.gnu.org/releases/oath-toolkit/oath-toolkit-1.10.4.tar.gz> > . > I had successful configure the su and login use pam_oath two > factor authentication. > but when I configure the *ssh* and login use pam_oath, I can't pass the > authentication. > > this is my /etc/pam.d/sshd content.
Hello and thanks for your interest! Are you sure that your OpenSSH uses PAM at all? Make sure /etc/ssh/sshd_config has 'UsePAM yes' in it. /Simon > ==================================================== > > auth requisite pam_oath.so usersfile=/etc/users.oath window=20 digits=6 > #%PAM-1.0 > auth required pam_sepermit.so > auth include password-auth > account required pam_nologin.so > account include password-auth > password include password-auth > # pam_selinux.so close should be the first session rule > session required pam_selinux.so close > session required pam_loginuid.so > # pam_selinux.so open should only be followed by sessions to be executed in > the user context > session required pam_selinux.so open env_params > session optional pam_keyinit.so force revoke > session include password-auth。 > =================================================== > And I have other machine which is Ubuntu10.04(also in Vbox4.1.6),the > pam_oath.so works very well both in *su* and *ssh.* > So I think there maybe some wrongs in the CentOS /etc/pam.d/sshd. > > I am look for your helping, thanks!
