OpenBSD Guide

Jon Williams edited this page Apr 4, 2016 · 2 revisions

Install utilities

npm install -g https://github.com/WIZARDISHUNGRY/totp-util 
pkg_add login_oath

User setup

  • Run totp-util to set up ~/.totp-key

Setup authentication and SSH

  • We're assuming everyone on the server is using SSH key auth. Change the default authentication styles in /etc/login.conf:
# Default allowed authentication styles
auth-defaults:auth=-totp-and-pwd,skey:

Edit /etc/ssh/sshd_config

Match User root
AuthenticationMethods publickey,password

Then run:

/etc/rc.d/sshd restart 
cap_mkdb /etc/login.conf

Now regular users should be able to authenticate with just an SSH key (or a password plus TOTP token), but root will need a password, an SSH key and a TOTP token.
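
One way to check both files against the settings above, as an added example that is not part of the original guide. The function names are hypothetical, and the sample files are constructed from the lines shown on this page.

```shell
# Added example (not from the original guide): audit copies of the two config files.

# Print the auth= style list of the auth-defaults record in a login.conf file.
default_auth_styles() {
    awk '
        /^[ \t]*#/ { next }                        # skip comments
        { rec = rec $0 }
        /\\$/ { sub(/\\$/, "", rec); next }        # record continues on next line
        {
            n = split(rec, cap, ":"); rec = ""
            if (cap[1] != "auth-defaults") next
            for (i = 2; i <= n; i++) {
                sub(/^[ \t]+/, "", cap[i])
                if (cap[i] ~ /^auth=/) { print substr(cap[i], 6); exit }
            }
        }' "$1"
}

# Print AuthenticationMethods from an exact "Match User root" block (sshd_config).
root_auth_methods() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { in_root = (NF == 3 && tolower($2) == "user" && $3 == "root"); next }
        in_root && tolower($1) == "authenticationmethods" {
            $1 = ""; sub(/^ +/, ""); print; exit
        }' "$1"
}

# Return 0 only when both files match the guide; print each mismatch.
check_totp_setup() {
    rc=0
    styles=$(default_auth_styles "$1")
    methods=$(root_auth_methods "$2")
    case $styles in                                # first style listed is the default
        -totp-and-pwd|-totp-and-pwd,*) ;;
        *) echo "login.conf: default style is not -totp-and-pwd (auth=${styles:-unset})"; rc=1 ;;
    esac
    [ "$methods" = "publickey,password" ] ||
        { echo "sshd_config: root AuthenticationMethods is '${methods:-unset}'"; rc=1; }
    return $rc
}

# Constructed sample files holding the lines from this guide.
sample=$(mktemp -d)
printf 'auth-defaults:auth=-totp-and-pwd,skey:\n' > "$sample/login.conf"
printf 'Match User root\nAuthenticationMethods publickey,password\n' > "$sample/sshd_config"
check_totp_setup "$sample/login.conf" "$sample/sshd_config" && echo "setup matches the guide"
rm -rf "$sample"
```

To audit a live system, call check_totp_setup with /etc/login.conf and /etc/ssh/sshd_config; a non-zero return means one of the two settings differs from the guide.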

Logging in

$ ssh user@machine   
Authenticated with partial success.
user@machine's password: 123456/password