-
Notifications
You must be signed in to change notification settings - Fork 0
OpenBSD Guide
Jon Williams edited this page Apr 4, 2016
·
2 revisions
npm install -g https://github.com/WIZARDISHUNGRY/totp-util
pkg_add login_oath
- run
totp-utilto setup~.totp-key
- We're assuming everyone on the server is using ssh key auth. Change this in
/etc/login.conf
# Default allowed authentication styles
auth-defaults:auth=-totp-and-pwd,skey:
Edit `/etc/ssh/sshd_config`
Match User root AuthenticationMethods publickey,password `` Run ``` /etc/rc.d/sshd restart cap_mkdb /etc/login.conf
Now regular users should be able to authenticate with just SSH (or a password plus totp token) but root will need password, ssh and a 2 TOTP token.
# Logging in
$ ssh
$ ssh user@machine
Authenticated with partial success.
user@machine's password: 123456/password