Hi, I want to install Debian "Lenny" server to be used from my students from the computer labs of my university. The labs have quite regularly monitored network infrastructure with switches which support mac access lists. Together with ssh that makes possibility of man in the middle and eavesdropping attacks quite negligible. Unfortunately, the main danger in the labs comes from the quite liberal access to the operating system, given to the students, which doesn't prevent effectively enough installation of key loggers and trojaned versions of some programs. That's why I was thinking about using one-time password authentication for my server (along with say write protected usb flash with ssh client written on). Directed by some postings on Debian mailing lists I found otpw package and made it work for regular logins by adding one simple line to pam.d confguration files. auth sufficient pam_otpw.so The problem is that no mather what pam.d file for sshd service says, the sshd displays regular password prompt at login instead of the "Enter password No XXX" which is needed for pam_otpw.so to work properly. There were some suggestions on the mailing lists how to deal with that very problem on openssh 3.x, but the modern version of openssh says the suggested options are depreciated. Which is the way to invoke the proper authentication scheme in modern versions of openssh?
