Support for SSH Challenge-Response Authentication

Support for SSH Challenge-Response Authentication

Postby brianwells » Tue Jan 29, 2013 12:49 am

I have several servers that use Google Authenticator to provide two-factor authentication for SSH connections. Remoter is unable to connect to these servers since it does not yet support SSH Challenge-Response Authentication.

It is easy to setup a test system on OS X:

1) Login as an administrator
1) Download http://google-authenticator.googlecode. ... ce.tar.bz2
2) Install Google Authenticator by running these commands in Terminal:

cd ~/Downloads
tar xvjf libpam-google-authenticator-1.0-source.tar.bz2
cd libpam-google-authenticator-1.0-source
sudo make install
sudo mv /usr/lib/pam_google_authenticator.so /usr/lib/pam/

3) Configure SSHD to use Google Authenticator

sudo -s
echo 'auth required pam_google_authenticator.so nullok' >> /etc/pam.d/sshd
echo 'ChallengeResponseAuthentication yes' >> /etc/sshd_config
exit

4) Create the secret key for the current user by running 'google-authenticator' in the Terminal and following the prompts.
5) Install the Google Authenticator app on your iOS device and add the account information that was provided by the 'google-authenticator' command.

Now when you SSH as that user you will be prompted for a verification code as well as the password. This code is generated by the Google Authenticator app and provides a form of two-factor authentication. Unfortunately, Prompter does not seem to know how to respond to the verification code prompt. I would be great if this was added at some point.

Thanks for your time.

-- Brian Wells
brianwells
 
Posts: 1
Joined: Mon Jan 28, 2013 10:19 pm

Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 9 guests

cron
cron