#Easy OATH based TOTP authentication for CentOS 6
This is a pair of scripts that essentially performs the steps at http://spod.cx/blog/two-factor-ssh-auth-with-pam_oath-google-authenticator.shtml to deploy OATH based TOTP authentication for SSH connections only.
##Setting up OATH in CentOS 6
Run `oath-setup` one time on your system to set up OATH authentication.
- The EPEL repository will be added to your system.
- `pam_oath` and `oathtool` will be added to your system.
- `/etc/ssh/sshd_config` will be modified to include `ChallengeResponseAuthentication yes` and sshd will be restarted (assumes that `/etc/ssh/sshd_config` has not been modified in another way).
- Creates `/etc/users.oath` - this file is where each user's TOTP key is stored.
- Creates `/etc/security/access-local.conf` - this file defines who is asked for a TOTP token upon login. By default no console users are asked for a token, only SSH users.
- Creates the PAM rules for oath in file `/etc/pam.d/oath` and creates a symlink at `/etc/pam.d/oath-sshd`.
- Edits `/etc/pam.d/sshd` to include `/etc/pam.d/oath-sshd` in the ruleset processed for sshd logins.
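
A read-only check of the state listed above, as an added example that is not part of the project's scripts. It uses the file paths from the list; the helper names (`oath_audit`, `first_value`, `make_tree`), the sample PAM line and the permission check on `/etc/users.oath` are assumptions, and the demo runs against a constructed sample tree.

```shell
#!/bin/sh
# Added example (not the project's code): read-only audit of the files the
# README says oath-setup creates or edits. Helper names are hypothetical.

# sshd uses the FIRST value it finds for a keyword, so an earlier "no" line
# overrides a "yes" appended later (the README's "not modified" caveat).
first_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1" 2>/dev/null
}

# oath_audit ROOT: returns the number of failed checks (0 = all passed).
oath_audit() {
    root=${1%/}; fails=0
    note() { echo "FAIL: $*"; fails=$((fails + 1)); }
    [ "$(first_value "$root/etc/ssh/sshd_config" ChallengeResponseAuthentication)" = yes ] ||
        note "sshd_config: effective ChallengeResponseAuthentication is not 'yes'"
    f=$root/etc/users.oath
    if [ ! -f "$f" ]; then
        note "users.oath is missing"
    elif [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        # Added hardening check: the file stores TOTP keys, so no group/other access.
        note "users.oath is accessible to group or other"
    fi
    [ -f "$root/etc/security/access-local.conf" ] || note "access-local.conf is missing"
    [ -f "$root/etc/pam.d/oath" ] || note "pam.d/oath is missing"
    [ -L "$root/etc/pam.d/oath-sshd" ] || note "pam.d/oath-sshd is not a symlink"
    grep -Eq '^[[:space:]]*[^#[:space:]].*oath-sshd' "$root/etc/pam.d/sshd" 2>/dev/null ||
        note "pam.d/sshd has no active line referencing oath-sshd"
    return "$fails"
}

# make_tree SSHD_CONFIG_TEXT MODE: builds a constructed sample tree (not a real
# system). The PAM line is a constructed stand-in for whatever oath-setup writes.
make_tree() {
    t=$(mktemp -d); mkdir -p "$t/etc/ssh" "$t/etc/security" "$t/etc/pam.d"
    printf '%s\n' "$1" > "$t/etc/ssh/sshd_config"
    : > "$t/etc/users.oath"; chmod "$2" "$t/etc/users.oath"
    : > "$t/etc/security/access-local.conf"; : > "$t/etc/pam.d/oath"
    ln -s oath "$t/etc/pam.d/oath-sshd"
    echo 'auth include oath-sshd' > "$t/etc/pam.d/sshd"
    echo "$t"
}

# Constructed failing case: an earlier "no" line precedes the appended "yes",
# and users.oath was left world-readable.
demo=$(make_tree 'ChallengeResponseAuthentication no
ChallengeResponseAuthentication yes' 644)
oath_audit "$demo" && echo "OK" || echo "$? check(s) failed"
rm -rf "$demo"
```

On a configured host, `oath_audit /` runs the same checks against the live files.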