On Fri, Jan 21, 2011 at 4:55 AM, Simon Josefsson
<address@hidden> wrote:
> On Thu, Jan 20, 2011 at 09:39:08PM +0100, Simon Josefsson wrote:
>> Have you succeeded in setting it up? Describing how to configure
>> OpenSSH/PAM for one/two-factor OATH would be really nice.
>
> I'm planning to blog about this when less tired, but rough summary:
Very nice! I look forward to seeing this described in more detail.
> If there's a ssh authorized_key it seems to override password
> authenticate totally. Ideally I'd like to combine ssh keys AND OTP, but
> I haven't worked out that setup yet.
Right, if OpenSSH is using 'publickey' there is no PAM involvement at
all. Or, well, it probably does session management via PAM, but not
authentication. I would also like to see both publickey + OTP. I don't
recall if this is a protocol limitation -- can the SECSH protocol use
multiple authentication methods at all?
/Simon