ssh – My Thoughts

Fritzbox – remote administration

In order to access the administration webpage of my fritzbox an SSH tunnel is currently my first choice. The usage of a proxy is not working at the moment for several reasons.
To establish the tunnel just use:
ssh -L ::80 -l

e.g.: ssh -L 8080:fritz.box:80 -l username tunnelserver

or the tunnel settings in putty:

Now only the proxy settings in your browser must be switched to localhost and your done.
Alternatively you could configure a dedicated profile for your browser, e.g.
firefox.exe -ProfileManager

firefox.exe -p

OTP – One Time Passwords

After the installation of anyterm on my sheeva I am now working on the integration of One Time Passwords to enable fullaccess to my network even from a compromised workstation in an internet cafe.

I decided to go with OPIE – One-time Passwords In Everything which is using the S/KEY system (http://www.inner.net/opie). The installation is as easy as:

aptitude install opie-server opie-client

after that the pam module for SSH must be adjusted:

/etc/pam.d/sshd

auth sufficient pam_unix.so
auth sufficient pam_opie.so
auth required pam_deny.so

must be in whereas:

@include common-auth

must be out.

Initialisation is done via:

opiepasswd -c

which gives you back the first password and seed. You need to give a passphrase for the actual account before the command completes.

With the command opiekey the sequence number and the passphrase you can also get the apropriate password or with the option -n <number> a list of usable
passwords for printing.