OpenBSD Guide

Jon Williams edited this page Apr 4, 2016 · 2 revisions

Install utilities

npm install -g https://github.com/WIZARDISHUNGRY/totp-util 
pkg_add login_oath

User setup

  • Run totp-util to set up ~/.totp-key

Set up authentication and SSH

  • We're assuming everyone on the server is using SSH key auth. Change the default authentication styles in /etc/login.conf:
# Default allowed authentication styles
auth-defaults:auth=-totp-and-pwd,skey:

Edit /etc/ssh/sshd_config

Match User root
AuthenticationMethods publickey,password

Then run:

/etc/rc.d/sshd restart 
cap_mkdb /etc/login.conf

Regular users should now be able to authenticate with just an SSH key (or a password plus a TOTP token), but root will need a password, an SSH key and a TOTP token.
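
A pre-flight check for the two edits above, as an added example that is not part of the original guide: it confirms that auth-defaults lists -totp-and-pwd and that the Match User root block requires publickey,password. The function names and the constructed sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): pre-flight checks for the two edits.
# Function names are illustrative; file paths are arguments so the checks
# can be run on copies before touching the live files.

# Succeed if the auth-defaults record lists the -totp-and-pwd style.
# Assumes the record sits on one line, as shown in the guide.
check_login_conf() {
    awk '
        /^auth-defaults:/ {
            n = split($0, caps, ":")
            for (i = 2; i <= n; i++)
                if (caps[i] ~ /^auth=/) {
                    m = split(substr(caps[i], 6), styles, ",")
                    for (j = 1; j <= m; j++)
                        if (styles[j] == "-totp-and-pwd") found = 1
                }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print the first AuthenticationMethods value inside "Match User root".
# A Match block runs until the next Match line or end of file.
root_auth_methods() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" {
            in_root = (tolower($2) == "user" && $3 == "root"); next
        }
        in_root && tolower($1) == "authenticationmethods" { print $2; exit }
    ' "$1"
}

# Succeed only if both files match what the guide configures.
preflight() {
    check_login_conf "$1" || { echo "login.conf: -totp-and-pwd missing"; return 1; }
    [ "$(root_auth_methods "$2")" = "publickey,password" ] ||
        { echo "sshd_config: root is not publickey,password"; return 1; }
    echo "ok"
}

# Constructed sample files mirroring the snippets in the guide.
demo_dir=$(mktemp -d)
printf '%s\n' '# Default allowed authentication styles' \
    'auth-defaults:auth=-totp-and-pwd,skey:' > "$demo_dir/login.conf"
printf '%s\n' 'PasswordAuthentication yes' 'Match User root' \
    'AuthenticationMethods publickey,password' > "$demo_dir/sshd_config"
preflight "$demo_dir/login.conf" "$demo_dir/sshd_config"
```

Run preflight against the edited files before restarting sshd, and keep an existing session open until a fresh login succeeds.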

Logging in

$ ssh user@machine   
Authenticated with partial success.
user@machine's password: 123456/password