-
Notifications
You must be signed in to change notification settings - Fork 0
OpenBSD Guide
Jon Williams edited this page Apr 4, 2016
·
2 revisions
npm install -g https://github.com/WIZARDISHUNGRY/totp-util
pkg_add login_oath
- run
totp-utilto setup~/.totp-key
- We're assuming everyone on the server is using ssh key auth. Change this in
/etc/login.conf
# Default allowed authentication styles
auth-defaults:auth=-totp-and-pwd,skey:
Edit /etc/ssh/sshd_config
Match User root
AuthenticationMethods publickey,password
Then run:
/etc/rc.d/sshd restart
cap_mkdb /etc/login.conf
Now regular users should be able to authenticate with just SSH (or a password plus totp token) but root will need password, ssh and a 2 TOTP token.
$ ssh user@machine
Authenticated with partial success.
user@machine's password: 123456/password