License

Copyright (C) 2008-2021 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: Two-factor authentication for Gentoo Linux

Generate a new seed (each user should have a unique one):

head -10 /dev/urandom | sha512sum | cut -b 1-30

To get the Base32 secret, run:
oathtool -v -d6 GENERATED-SEED

To generate a QR code image file for an OTP smartphone app such as FreeOTP+:
qrencode -o qrcode.png 'otpauth://totp/user@machine?secret=BASE32-SECRET'

If you want to use this solution you need the following howto(s) finished:

Required software

The required software has to be installed with the following command(s):
emerge media-gfx/qrencode
emerge sys-auth/oath-toolkit

Changes in /etc/otp.users

File permissions:
Owner: root
Group: root
Permissions: -rw-------

Changed on 19.09.2019
Issued by olli
Beginning line 1

File with users and seeds. A seed can be generated with "head -10 /dev/urandom | sha512sum | cut -b 1-30"

# Option User Prefix Seed
HOTP/T30/6 username - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
HOTP/T30/6 username - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Changes in /etc/pam.d/horde

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Changed on 19.09.2019
Issued by olli
Beginning line 1

PAM-Config for pam_oath.so

#auth       requisite     pam_oath.so usersfile=/etc/otp.users window=30 digits=6

Changes in /etc/pam.d/sshd

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Changed on 19.09.2019
Issued by olli
Beginning line 1

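PAM-Config for pam_oath.so. With the control flag "sufficient", a valid one-time password alone completes authentication and the remaining auth modules are skipped; a failed one-time password falls through to them. Use "requisite" (as in /etc/pam.d/su) if the one-time password must be given in addition to the password.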

auth       sufficient     pam_oath.so usersfile=/etc/otp.users window=30 digits=6

Changes in /etc/pam.d/su

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Changed on 19.09.2019
Issued by olli
Beginning line 2

PAM-Config for pam_oath.so

auth       requisite     pam_oath.so usersfile=/etc/otp.users window=30 digits=6

Changes in /etc/ssh/sshd_config

File permissions:
Owner: root
Group: root
Permissions: -rw-------

Changed on 19.09.2019
Issued by olli
Beginning line 124

SSH needs the following options:

ChallengeResponseAuthentication yes
UsePAM yes
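
What the seed, the Base32 secret and the "HOTP/T30/6 ... window=30 digits=6" settings above compute, as an added Python example (not part of the original howto and not oath-toolkit code). Function names are hypothetical, the seed is the public RFC 6238 test secret used as sample data, and the search of the window in both directions is an assumption about how pam_oath applies window=.

```python
import base64, hashlib, hmac, secrets, struct

def new_seed():
    """30 hex chars (15 random bytes), same length as the howto's `cut -b 1-30`."""
    return secrets.token_hex(15)

def base32_secret(hex_seed):
    """Hex seed from /etc/otp.users -> Base32 secret for the otpauth:// URI."""
    return base64.b32encode(bytes.fromhex(hex_seed)).decode()

def totp(hex_seed, now, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1; T30/6 means step=30, digits=6."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(bytes.fromhex(hex_seed), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def validate(hex_seed, otp, now, window=30, step=30, digits=6):
    """Return the clock drift in steps at which otp matches, else None.
    Assumption: window is searched in both directions around the current step."""
    for drift in range(-window, window + 1):
        t = now + drift * step
        if t >= 0 and hmac.compare_digest(totp(hex_seed, t, step, digits), otp):
            return drift
    return None

def users_line(user, hex_seed):
    """One line of /etc/otp.users in the format shown above."""
    return f"HOTP/T30/6 {user} - {hex_seed}"

def otpauth_uri(label, hex_seed):
    """URI to pass to qrencode, as in the howto."""
    return f"otpauth://totp/{label}?secret={base32_secret(hex_seed)}"

if __name__ == "__main__":
    seed = "3132333435363738393031323334353637383930"  # RFC 6238 test secret, sample only
    print(users_line("username", seed))
    print(otpauth_uri("user@machine", seed))
    print(totp(seed, 59))
```

Under that assumption, window=30 with 30-second steps accepts codes from up to 15 minutes before or after the server's clock; a 30-character hex seed is 15 bytes, which encodes to 24 Base32 characters without padding.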

Please send feedback to: doc<at>gabosh.net
