Perfect Paper Passwords

From dghartung.com/docs


Reference: http://code.google.com/p/ppp-pam/ or http://code.google.com/p/ppp-pam/wiki/Building

Using a fresh install of FC5 on an OpenVZ server. I used an OpenVZ server because at the time I was testing, and this makes a great test platform.

On the hardware node I had to issue:

vzyum 155 install yum

Commands after this line are generic to FC5 whether virtualized or not

Then on the VPS itself I issued, as root:

yum groupinstall "Development Tools"
yum install uuid-devel uuid-c++ pam-devel e2fsprogs-devel

so I can build the ppp-pam source code.

Build

You can get the SVN version if you like; instructions are at the bottom of the page. After my cup of coffee I cd'd to:

## As an unprivileged user
cd 

and got the ppp-pam source code

wget http://ppp-pam.googlecode.com/files/ppp-pam-0.2.tar.gz
tar -zxvf ppp-pam-0.2.tar.gz
cd ppp-pam/build
../configure
make
make test
sudo make install

As root or using sudo, add the following two lines to /etc/pam.d/sshd:

auth       required       pam_unix.so
auth       required       pam_ppp.so

This is what my /etc/pam.d/sshd file looks like; I had to comment out the fourth line regarding system-auth:

#%PAM-1.0
auth    required        pam_unix.so
auth    required        pam_ppp.so
#auth      include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    include      system-auth
session    required     pam_loginuid.so

The Debian Etch ssh file looks like this:

http://www.dghartung.com/samples/deb_etch_etc_pam.d_ssh

As an unprivileged user (this does not work for root yet):

cd
pppauth --key

Since I was on an xterm console, I just used the text option and then did a cut and paste to Notepad; adjust accordingly.

pppauth --text --next 3

or

pppauth --html --next 3

The --html command issues text similar to this:

http://localhost:45883/55888==-.......

Cut and paste this into your favorite browser and change "localhost" to the IP address or hostname of the machine or server that the command was issued on. Your firewall settings must allow access to the port the command has issued; in this example the firewall was not running. Also bear in mind that the port number changes each time the command is issued, and the URL is only available until it is accessed.

Make sure you have the following settings in /etc/ssh/sshd_config:

ChallengeResponseAuthentication yes
UsePAM yes

Restart sshd (your mileage may vary):

service sshd restart
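
The following is an added example, not part of the original page or of ppp-pam: a shell check that the two files edited above match the settings this page gives, so a mistake is caught while a working session is still open. The function names check_pam and check_sshd are hypothetical, and the sshd check assumes plain "Keyword value" lines outside any Match block.

```sh
#!/bin/sh
# Added example (not from ppp-pam): check_pam and check_sshd are hypothetical
# helper names. Both read the file on stdin, print problems, return non-zero.

# Compare the active auth lines with the stack shown on this page.
check_pam() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 == "auth" {
            n++
            if ($2 == "required" && $3 == "pam_unix.so") unix = n
            if ($2 == "required" && $3 == "pam_ppp.so")  ppp = n
            if ($2 == "include"  && $3 == "system-auth") inc = n
        }
        END {
            if (!unix) { print "missing: auth required pam_unix.so"; bad = 1 }
            if (!ppp)  { print "missing: auth required pam_ppp.so"; bad = 1 }
            if (unix && ppp && ppp < unix) { print "pam_ppp.so comes before pam_unix.so"; bad = 1 }
            if (inc)   { print "still active: auth include system-auth"; bad = 1 }
            exit bad + 0
        }'
}

# sshd keywords are case-insensitive and the first occurrence wins.
# Assumes "Keyword value" lines outside any Match block.
check_sshd() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { k = tolower($1); if (!(k in seen)) seen[k] = $2 }
        END {
            n = split("ChallengeResponseAuthentication UsePAM", want, " ")
            for (i = 1; i <= n; i++) {
                v = seen[tolower(want[i])]
                if (v != "yes") { print want[i] " is " (v == "" ? "unset" : v) ", expected yes"; bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample input: the system-auth line was left active, and a
# later "UsePAM yes" is shadowed by an earlier "UsePAM no".
printf '%s\n' 'auth required pam_unix.so' 'auth required pam_ppp.so' \
    'auth include system-auth' | check_pam || echo "fix /etc/pam.d/sshd"
printf '%s\n' 'ChallengeResponseAuthentication yes' 'UsePAM no' 'UsePAM yes' \
    | check_sshd || echo "fix sshd_config"
```

Against the real files, run check_pam < /etc/pam.d/sshd and check_sshd < /etc/ssh/sshd_config.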

SVN

For the SVN version:

mkdir ppp-svn
cd ppp-svn
svn checkout http://ppp-pam.googlecode.com/svn/trunk/ ppp-pam 
cd ppp-pam 

and build as above
