Problem solved. All I had to do was to enable ChallengeResponseAuthentication, disable PasswordAuthentication and set UsePAM to yes. On Sun, Mar 15, 2009 at 12:19 PM, Angelin Lalev <lalev.angelin@xxxxxxxxx> wrote: > Hi, > > I want to install Debian "Lenny" server to be used from my students > from the computer labs of my university. > The labs have quite regularly monitored network infrastructure with > switches which support mac access lists. > Together with ssh that makes possibility of man in the middle and > eavesdropping attacks quite negligible. > Unfortunately, the main danger in the labs comes from the quite > liberal access to the operating system, > given to the students, which doesn't prevent effectively enough > installation of key loggers and trojaned versions > of some programs. > > That's why I was thinking about using one-time password authentication > for my server (along with say write protected > usb flash with ssh client written on). > > Directed by some postings on Debian mailing lists I found otpw package > and made it work for regular > logins by adding one simple line to pam.d confguration files. > > auth sufficient pam_otpw.so > > The problem is that no mather what pam.d file for sshd service says, > the sshd displays regular password > prompt at login instead of the "Enter password No XXX" which is needed > for pam_otpw.so to work properly. > > There were some suggestions on the mailing lists how to deal with that > very problem on openssh 3.x, > but the modern version of openssh says the suggested options are depreciated. > > Which is the way to invoke the proper authentication scheme in modern > versions of openssh? >