🔐 Securing a Server by Requiring an OTP Code at User Login

Introduction

OTPW (One-Time Password) for servers is a security method used to authenticate users before granting access to a protected system or service. OTPW generates a one-time passcode that is only valid for one use or for a certain period of time. Every time a user wants to access the system, they have to enter the newly generated OTP passcode.

This method helps protect the system from attacks such as password theft or data sniffing, because the generated passcode is only valid for one use. Some OTPW implementations also integrate additional authentication factors, such as entering a regular password before generating the OTP, or using security hardware such as a special token or an authentication application.


Configuration

Debian 10-Router

Install Package

apt-get install otpw-bin libpam-otpw

Edit File

nano /etc/pam.d/sshd

*Comment out @include common-auth by putting a # in front of it:
# Standard Un*x authentication
#@include common-auth

*At the end of the file, add:
auth    required    pam_otpw.so
session optional    pam_otpw.so

Edit File SSH

nano /etc/ssh/sshd_config

*Make sure the parameters below are active, with these values and no # sign in front of them:

PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes

Restart SSH Service

/etc/init.d/ssh restart
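
A check for the two edits above, useful to run before the restart so that a typo in either file is caught while the current session is still open. This is an added example, not part of the original page or of OTPW; the function names check_pam and check_sshd are hypothetical, and the check assumes the settings are global (it does not interpret Match blocks).

```shell
#!/bin/sh
# Added example: audit the PAM and sshd settings described on this page.
# File paths are arguments, so the script can also be run against copies.

# check_pam FILE: succeed only if common-auth is disabled and pam_otpw is wired in.
check_pam() {
    pam=$1; rc=0
    # An active common-auth include would still accept the normal Unix password.
    if grep -Eq '^[[:space:]]*@include[[:space:]]+common-auth' "$pam"; then
        echo "FAIL: @include common-auth is still active in $pam"; rc=1
    fi
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_otpw\.so' "$pam" ||
        { echo "FAIL: 'auth required pam_otpw.so' missing in $pam"; rc=1; }
    grep -Eq '^[[:space:]]*session[[:space:]]+optional[[:space:]]+pam_otpw\.so' "$pam" ||
        { echo "FAIL: 'session optional pam_otpw.so' missing in $pam"; rc=1; }
    return "$rc"
}

# check_sshd FILE: succeed only if each keyword is uncommented with the expected value.
# Assumption: settings are global; Match blocks are not interpreted.
check_sshd() {
    cfg=$1; rc=0
    for want in 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
                'ChallengeResponseAuthentication yes' 'UsePAM yes'; do
        key=${want% *}; val=${want#* }
        # sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
        got=$(awk -v k="$key" 'tolower($1)==tolower(k) {print tolower($2); exit}' "$cfg")
        if [ "$got" != "$val" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '$val' in $cfg"; rc=1
        fi
    done
    return "$rc"
}

# Run directly as: sh audit.sh /etc/pam.d/sshd /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    check_pam "$1"; p=$?
    check_sshd "$2"; s=$?
    [ "$p" -eq 0 ] && [ "$s" -eq 0 ] && echo "OK: OTPW login settings are in place"
fi
```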

Make sure you are in the root user's home directory; the prompt should read root@rizwan1:~#

Generate OTP Code

otpw-gen > temppasswd.txt

Enter new prefix password: admin
Reenter prefix password: admin

Open the temppasswd.txt file (as a password reference)

nano temppasswd.txt

SSH to Debian 10-Router

When you log in to the Debian 10-Router via SSH, a prompt appears that requires you to enter the OTP code.

password : admin
OTP code : rRMu BGDa

*So to log in over SSH, enter the prefix password followed by the OTP code without the space: adminrRMuBGDa
