OTP

OpenBSD & OTP

i don’t like ssh & password authentication. but sometime, specially during setup or recovery, it’s need and make sense. thought i’ll protect some boxes with otp. here a few notes and instrucations Build login_otp git clone https://github.com/reyk/login_otp cd login_otp make obj make all doas make install Initialize OTP DB doas otp -i Generate Key for User otp -g Name: stoege Key: xxxx xxxx xxxx xxxx xxxx xxxx xx URL: otpauth://totp/stoege?secret=xxxxxxxxxxxxxxxxxxxxxxxxxx&issuer=&algorithm=SHA1&digits=6&period=30 Build QR Code echo "otpauth://totp/stoege?

OpenSSH 2FA Google Auth

Let’s give a try with Alpine Linux, OpenSSH and 2FA with Google Authenticator. add Packages apk add openssh openssh-server-pam google-authenticator openssh-doc google-authenticator-doc libqrencode Configure GoogleAuth touch /etc/pam.d/sshd ln /etc/pam.d/sshd /etc/pam.d/sshd.pam cat << 'EOF' >> /etc/pam.d/sshd.pam account include base-account auth required pam_env.so auth required pam_nologin.so successok auth required /lib/security/pam_google_authenticator.so echo_verification_code grace_period=57600 nullok auth required pam_unix.so md5 sha512 EOF update sshd_config cat << 'EOF' >> /etc/ssh/sshd_config PasswordAuthentication no AuthenticationMethods any UsePAM yes EOF Restart SSHD service sshd restart Setup User su - USERNAME google-authenticator Response