In association with heise online

Ignition

The OPIE service must be initialised with the command opiepasswd -c before users can log in with OTPs; this also adds the account being used. The generator also requests a pass phrase of at least 10 digits, which is used as a parameter to generate the one-time passwords. For instance, the tool might respond with:

ID dab OTP key is 499 wl3899
BUG KEEN SMOG MAP MOON TIDY

The first line contains the sequence number (499) and the so-called seed (in this case wl3899). The second line shows the related OTP, consisting of six words; it is only needed in special cases, because at the next log-in to the server the OTP with the next lower sequence number will be requested, which in our case is 498. When the user logs into the server via SSH, the log-in prompt shows the sequence number and the seed, which must be fed into an OTP generator, for example the opiekey tool provided with OPIE:

opiekey 498 wl3899

However, there is one problem: it is highly probable that only Stephen Hawking and Bruce Schneier would be able to calculate the one-time password without access to a computer running opiekey. The rest of mankind must make use of available resources, the easiest being the piece-of-paper method: opiekey determines several OTPs in advance, which are printed as a list and kept in your wallet. For instance, the following command generates 20 OTPs for the key initialised above:

dab@server:/etc/pam.d$ opiekey -n 20 499 wl3899
Using the MD5 algorithm to compute response.
Enter secret pass phrase:
480: HILL ELK AMOK NOOK CITY FIRM
481: MOOR BELT LYE JOB AHEM END
...
499: ROIL PEG LUKE RUSE DAWN ADD
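As an added example (not code from the article or from the OPIE project), the following Python reproduces the calculation opiekey performs from sequence number, seed and pass phrase, following RFC 2289 with MD5, together with the one-way check a server makes against the OTP it has stored. The pass phrase and the 497 to 499 range in the demo are constructed, and the result is shown in hexadecimal rather than as six words.

```python
import hashlib
import hmac

# Added example, not code from the article or from the OPIE project.
# Implements the RFC 2289 (S/Key, OPIE) one-time-password chain with MD5:
# the calculation opiekey performs for a given sequence number and seed.

def _step(data: bytes) -> bytes:
    """One chain step: MD5 the input and fold the 128-bit digest to
    64 bits by XORing its two halves (RFC 2289, section 6)."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, seq: int) -> bytes:
    """64-bit OTP for sequence number `seq`: the initial step hashes the
    lower-cased seed concatenated with the pass phrase, then `seq` further
    steps each hash the previous result, so sequence N is exactly one
    step 'ahead' of sequence N-1."""
    h = _step(seed.lower().encode() + passphrase.encode())
    for _ in range(seq):
        h = _step(h)
    return h

def otp_hex(passphrase: str, seed: str, seq: int) -> str:
    """The OTP in the 'XXXX XXXX XXXX XXXX' hexadecimal form; the six-word
    form additionally needs the 2048-word RFC 2289 dictionary."""
    x = otp(passphrase, seed, seq).hex().upper()
    return " ".join(x[i:i + 4] for i in range(0, 16, 4))

def otp_list(passphrase: str, seed: str, first: int, last: int) -> dict:
    """Pre-compute the OTPs for sequence numbers first..last inclusive,
    like the list opiekey -n prints for the wallet."""
    return {n: otp_hex(passphrase, seed, n) for n in range(first, last + 1)}

def server_accepts(stored_otp: bytes, candidate: bytes) -> bool:
    """The server keeps only the OTP of the last used sequence number N.
    A log-in presenting sequence N-1 is valid iff one more step on it
    reproduces the stored value; the server then stores the candidate,
    which is why each OTP works exactly once."""
    return hmac.compare_digest(_step(candidate), stored_otp)

if __name__ == "__main__":
    # Constructed demo: the article's seed with a made-up pass phrase.
    for n, pw in sorted(otp_list("made-up pass phrase", "wl3899", 497, 499).items()):
        print(f"{n}: {pw}")
```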

A more elegant way would be to install the Java implementation of an OTP computer on a Java-enabled mobile phone and to determine the OTP individually for each requested sequence number and the related seed. One option would be jotp, the slim version of which will even run on simple mobile phones with the Java Micro Edition (JME) [5].

Image 2: Calculate passwords on your mobile phone with One Time Pass for Java

Beach shell

Unfortunately, the standard Windows installation does not include an SSH client, and in most cases it is not possible to install one retrospectively. However, there is a way round even this obstacle: Ajaxterm [6]. Ajaxterm, which is written in Python, provides either a login shell or an SSH shell through a web interface, so that only a web browser is needed to log into the user's home server, and a browser comes as standard with every operating system.

By default, current Ajaxterm versions use the SSH shell for log-ins. The Ajaxterm version 0.7-3 available for Ubuntu 6.10 is obsolete and does not yet provide native SSH support. Instead, we install the package available from Debian Unstable, which also installs the start and stop scripts.

wget http://ftp.de.debian.org/debian/pool/main/a/ajaxterm/ajaxterm_0.9-2_all.deb
dpkg -i ajaxterm_0.9-2_all.deb
Permalink: http://h-online.com/-747203