I'm looking at implementing some s/keys with ssh which I seem to have accomplished at the moment (It's the little thing in life that make me happy. :) ) However I also want to use passwd funtion of the login.conf as well. To be specific, I want ssh access to have two authentication methods which must be used in order to obtain a login session. The first auth method being s/key the second being passwd. Anyone have any experience with OBSD's login.conf?

Here's the relevant portions of my login.conf

[code:1:564c4580f8]
# Default authentication for ssh
auth-ssh-defaults:auth-ssh=skey, passwd:

default:\
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\
:umask=022:\
:datasize-max=256M:\
:datasize-cur=64M:\
:maxproc-max=128:\
:maxproc-cur=64:\
:openfiles-cur=64:\
:stacksize-cur=4M:\
:localcipher=blowfish,6:\
:ypcipher=old:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:\
:tc=auth-ssh-defaults:
[/code:1:564c4580f8]

Anyone have any ideas on how I could make this happen?

after reading the man pages for login.conf and skey(1) and skeyinit im not sure if this is possible or not. It looks like its going to be either or.


man skeyinit
After the S/Key database has been updated you can login using either your regular password or using S/Key one-time passwords.

But, if your using ssh, you can rely on them being trusted by your keys at least, along with skey. [/quote]