Matt Horan's Blog


Setting up two-factor authentication on FreeBSD

authentication freebsd hotp howto oath otp pam ssh totp

I typically utilize public key authentication when connecting via SSH to However, there are times when I’m away from a device which has my private key and need access to my server. I reluctantly enabled password authentication for those occasions, but after enabling two-factor authentication for most of the services that I use regularly, I wanted to do the same for my own server.


FreeRADIUS on FreeBSD and OpenLDAP

802.1x accounting authentication authorization eap freebsd freeradius gtc howto ldap openldap peap radius

Instead of relying on PAM or /etc/passwd for authentication and authorization, I decided to store account information in an OpenLDAP database. Of course I could have used NIS or flat file databases, but OpenLDAP proved to be the best solution for my situation.


1 of 1