Re: Looking for Special Challenge-Response Auth PAM Module, or Similar
philipp at marek.priv.at
Wed Aug 24 03:53:33 AEST 2022
How about having a background job that just changes the root password regularly to a new random value, encrypts it with some gpg key, and presents the encrypted data as qr on a virtual console?
You just read it in via the notebook webcam, use your private key to decrypt it, and enter it - no PAM changes needed at all.
You can easily choose the length, validity period and complexity to whatever you want or require; and it won't repeat.
More information about the openssh-unix-dev