secure (nothing is), one-time passwords greatly reduces the window of
vulnerability compared to using static passwords directly.
-As an example use case, suppose you want to log in to one of your
-machines from a remote, untrusted teminal (e.g. from an internet
-cafe). You obviously don't want to load your SSH key on the untrusted
-terminal, and a keylogger would capture your password if you used it
-directly. By using a one-time password, the risk is reduced. A
-keylogger on the untrusted terminal could capture your one-time
-password and use it to log in either instead of you or as part of a
-man-in-the-middle attack. However, *after* that login is terminated,
-the keylogger can make no further breaches, as they could if they had
-captured your password itself. This is the same problem faced by
-sites that send you plain text emails with one-time URLs for
-registration confirmation, password reminders, etc. (who can't be
-bothered to use [[PGP]], sigh).
+For example, suppose you want to log in to one of your machines from a
+remote, untrusted teminal (e.g. from an internet café). You obviously
+don't want to load your SSH key on the untrusted terminal, and a
+keylogger would capture your password if you used it directly. By
+using a one-time password, the risk is reduced. A keylogger on the
+untrusted terminal could capture your one-time password and use it to
+log in either instead of you or as part of a man-in-the-middle attack.
+However, *after* that login is terminated, the keylogger can make no
+further breaches, as they could if they had captured your password
+itself. This “small window” risk is the same problem faced by sites
+that send you plain text emails with one-time URLs for registration
+confirmation, password reminders, etc. (who can't be bothered to use
+[[PGP]], sigh).
For more information on one-time passwords, take a look at the
following standards:
authentication enabled allows all all authentications styles from
[login.conf(5)][]. `/etc/login.conf` doesn't exist on my Gentoo or
Debian systems, which is, I think, because they use [PAM][] to handle
-all the authentication. Tracing through `/etc/pam.d/',
+all the authentication. Tracing through `/etc/pam.d/`,
`/etc/pam.d/sshd` builds the following `auth` chain on my Gentoo
system:
- auth required pam_tally2.so onerr=succeed
- auth required pam_shells.so
- auth required pam_nologin.so
- auth required pam_env.so
- auth required pam_unix.so try_first_pass likeauth nullok
- auth optional pam_permit.so
+ auth required pam_tally2.so onerr=succeed
+ auth required pam_shells.so
+ auth required pam_nologin.so
+ auth required pam_env.so
+ auth required pam_unix.so try_first_pass likeauth nullok
+ auth optional pam_permit.so
We need to add an OTP PAM module. There are several, none of which
seem to be actively developed:
* [S/Key][] (last activity in 2007)
-* [SOTP][] (last activity in 2005)
-* [OPTW][] (last activity in 2003)
-* [OPIE][] (no longer maintained?)
+* [OPIE][] (only maintained by Debian?)
The S/Key module does, however, have an ebuild in Gentoo's portage
tree (significantly patched from upstream), so we'll use that.
-My initial idea was to add the `skey` to `USE` and run
+My initial idea was to add `skey` to `USE` and run
# emerge -av --deep --update --newuse @world
but that enabled built-in S/Key handling in `app-admin/sudo` and
similar packages. We don't want applications to use S/Key directly,
-we want them to use PAM, and PAM should use S/Key. So, just emerge
-the S/Key PAM module:
+we want them to use PAM, and PAM should use S/Key. So instead, just
+emerge the S/Key PAM module:
# emerge -av sys-auth/pam_skey
which will pull in the ` sys-auth/skey` package containing binary
tools and the `libskey.so` library.
-Configure PAM to use the `skey` module for remote authentication by
-adding line like:
+Configure PAM to use the `skey` module for all system authentication
+by adding a line like:
auth [success=done ignore=ignore auth_err=die default=bad] pam_skey.so
allows users to use their one-time password (if configured) and falls
back to their system password if OTPs are not setup or the entered OTP
is invalid. See `/usr/share/doc/pam_skey-*/INSTALL.bz2` for details
-on this specific case and the [PAM System AG][PAM-SAG] for details on
-the syntax. Gentoo's `pam_skey` has been patched up a good deal (see
+on this specific case and the [PAM System Administrators'
+Guide][PAM-SAG] for details on the syntax. Gentoo's `pam_skey` has
+been patched up a good deal (see
`/usr/share/doc/pam_skey-*/README.bz2`), so on other systems, the
-procedure may be different (e.g. [OpenBSD][]).
+procedure may be different (e.g. OpenBSD has the S/Key module
+[installed by default][OpenBSD]).
Setup a one-time password chain for a particular user by running
- $ skeyinit
+ $ skeyinit
Password:
[Adding wking]
Reminder - Only use this method if you are directly connected
compliant calculator using GTK+.
* [OTPGen][] RFC 2289 compliant calculator using the Java 2 Micro
Edition (most mobil phones).
-* [jopt][] RFC 2289? and RFC 1760 compliant calculator using Java with
+* [jotp][] RFC 2289? and RFC 1760 compliant calculator using Java with
MD4 and MD5 support.
+If you don't have a secure client (e.g. cell phone) that will be
+accessible from the untrusted terminal, you can also print a list of
+future OTPs and cary the paper on your person.
+
+ $ otp-md5 -xn 5 99 tyr24366
+ Reminder - Do not use this program while logged in via telnet or rlogin.
+ Enter secret password:
+ 95: WENT FORM GAUL DATA LYLE SIR FA10 A627 37FB 5078
+ 96: DINE RODE SANK LYON SUCH MEAT 735A 275B 5AAE 4972
+ 97: THEE TOUR GOES HULK WORM TROY EA1D D238 4E4F DFE0
+ 98: ELM RUB CULL ANY LIND HOBO 1167 21B5 014A FD32
+ 99: RIM CHUG MUSH LOFT SAFE CHAR 37CC D302 D8BD 56CA
+
+The printed paper is obviously less secure, because it reduces the
+authentication requirement from something-you-know (secret key) to
+something-you-have (paper). If that bothers you, take a look at
+Markus Kuhn's [OTPW][] package, which uses a different algorithm to
+genrate OTPs that all begin with a secret (memorized) prefix. Kuhn's
+approach requires a hacker to copy your paper list *and* log your
+keystrokes to extract your prefix.
+
Eventually, your stock of OTPs will run low, and you'll need to use
`skeyinit` again to provide a fresh stash.
Algorithm) defines a particular ([inferior?][]) one-time password
generation alogrithm. [This Debian post][deb-fa] describes a
[FreeAuth][] implementation that uses time-based keys similar to many
-commercial systems.
+commercial systems. The [SOTP][] module doesn't specify it's
+algorithm, but it has the option of using secret prefixes along the
+lines of [OTPW][].
-[OPT]: http://en.wikipedia.org/wiki/One-time_password
+[OTP]: http://en.wikipedia.org/wiki/One-time_password
[RFC 2289]: http://www.ietf.org/rfc/rfc2289.txt
+[RFC 1938]: http://www.ietf.org/rfc/rfc1938.txt
[RFC 1760]: http://www.ietf.org/rfc/rfc1760.txt
[OpenSSH]: http://www.openssh.com/
-[sshd_config(1)]: http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config
+[sshd_config(5)]: http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config
[login.conf(5)]: http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf
[PAM]: http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules
[S/Key]: http://freshmeat.net/projects/pam_skey/
[OPIE]: http://packages.debian.org/lenny/libpam-opie
-[OPTW]: http://www.cl.cam.ac.uk/~mgk25/otpw.html
-[SOTP]: http://www.cavecanen.org/cs/projects/pam_sotp/
[PAM-SAG]: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html
[OpenBSD]: http://www.openbsd.org/faq/faq8.html#SKey
[otpCalc]: http://killa.net/infosec/otpCalc/
[OTPGen]: http://marcin.studio4plus.com/en/otpgen/
[jotp]: http://www.cs.umd.edu/~harry/jotp/
+[OPTW]: http://www.cl.cam.ac.uk/~mgk25/otpw.html
[RFC 4226]: http://www.ietf.org/rfc/rfc4226.txt
[inferior?]: http://en.wikipedia.org/wiki/HOTP#Reception
[deb-fa]: http://www.debian-administration.org/articles/510
[FreeAuth]: http://freeauth.org/
+[SOTP]: http://www.cavecanen.org/cs/projects/pam_sotp/
[[!tag tags/linux]]
projects / mw2txt.git / commitdiff