Re: Looking for Special Challenge-Response Auth PAM Module, or Similar

Philipp Marek philipp at
Wed Aug 24 03:53:33 AEST 2022

How about having a background job that just changes the root password regularly to a new random value, encrypts it with some gpg key, and presents the encrypted data as qr on a virtual console?

You just read it in via the notebook webcam, use your private key to decrypt it, and enter it - no PAM changes needed at all.

You can easily choose the length, validity period and complexity to whatever you want or require; and it won't repeat.

More information about the openssh-unix-dev mailing list