I'd like this ebuild included in portage/overlay because there's no similar software available currently. I know of three other systems like this one:
- opie (kind of outdated but popular)
- pam-ppp (software on which otpasswd ideas are based)
- pam_sotp (this one is in sunrise; it's development looks suspended)
But I guess all are inferior to OTPasswd currently.
Idea for all of them is similar; software consist of some utility to manage "user state" and PAM module to perform authentication. After installation/configuration each time you have to log with SSH you're asked for your normal password and a one-time pad. Even if your client session is keylogged, the attacker won't have enough information to login himself.
One-time pads can be kept on printed paper cards on received via out-of-band channel communication (I use SMS).
Tested successfully on x86 and amd64. At first I tried to fix bugs of pam-ppp and add some features but fast I decided to drop it completely and write similar system from scratch. This one after two months of coding is much more advanced and well-documented.
It needs tests but this can be helped by placing it in portage/overlay. ;)
Program was tested successfully also under FreeBSD.
Created attachment 217325 [details]
Ebuild for RC1
This ebuild installs software in most versatile way, but requiring suid-root. If this would make it harder for the ebuild to be used it might be removed. otpasswd can work without suid while keeping it's state inside user home directories.
*** Bug 292452 has been marked as a duplicate of this bug. ***