OTP – One Time Passwords

After the installation of anyterm on my sheeva I am now working on the integration of One Time Passwords to enable full access to my network even from a compromised workstation in an internet cafe.

I decided to go with OPIE – One-time Passwords In Everything, which uses the S/KEY system (http://www.inner.net/opie). The installation is as easy as:

aptitude install opie-server opie-client

After that, the PAM configuration for SSH must be adjusted:

/etc/pam.d/sshd

auth sufficient pam_unix.so
auth sufficient pam_opie.so
auth required pam_deny.so

must be present, whereas:

@include common-auth

must be removed.

Initialisation is done via:

opiepasswd -c

which gives you back the first password and seed. You need to give a passphrase for the actual account before the command completes.

With the command opiekey, the sequence number and the passphrase, you can also get the appropriate password or, with the option -n <number>, a list of usable passwords for printing.
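
The mechanism behind opiekey and the server-side check, as an added example (not code from OPIE or from the original post): a Python sketch of the RFC 2289 one-time password chain (the S/KEY design), assuming the MD5 variant. The names fold_md5, otp, Verifier and demo, the seed sh1234 and the passphrase are constructed for illustration; the demo shows why a password captured on a compromised workstation cannot be replayed.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    """MD5 the input, then fold the 128-bit digest to 64 bits (first half XOR second half)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, sequence: int) -> bytes:
    """Client side: derive the one-time password from the challenge and the passphrase."""
    value = fold_md5((seed.lower() + passphrase).encode())  # initial step: seed + passphrase
    for _ in range(sequence):                               # then hash `sequence` more times
        value = fold_md5(value)
    return value

class Verifier:
    """Server side: keeps only the last accepted password, never the passphrase."""
    def __init__(self, seed: str, sequence: int, last_otp: bytes):
        self.seed, self.sequence, self.last = seed, sequence, last_otp

    def challenge(self):
        # The next login must answer with the password one step earlier in the chain.
        return self.sequence - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.sequence == 0:
            return False                       # chain exhausted, re-initialisation needed
        # Hashing the response once must reproduce the stored value.
        if not hmac.compare_digest(fold_md5(response), self.last):
            return False
        self.last = response                   # accepted: move one step down the chain
        self.sequence -= 1
        return True

def demo():
    seed, passphrase = "sh1234", "constructed passphrase"     # constructed sample values
    server = Verifier(seed, 499, otp(passphrase, seed, 499))  # state right after initialisation
    seq, seed = server.challenge()
    response = otp(passphrase, seed, seq)  # what the calculator or printed list provides
    first = server.verify(response)        # legitimate login
    replay = server.verify(response)       # same password captured and sent again
    return first, replay, server.challenge()[0]

if __name__ == "__main__":
    print(demo())
```

Because the stored value can only be reached by hashing forward, someone who observes one password cannot compute the next one the server will ask for without the passphrase.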