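@comment{
  Journal article on TOTP-based multi-factor authentication for SSH
  (OpenLDAP extended operation plus PAM modules on the SSH server).
  Author names are separated with " and ", as BibTeX requires; a
  comma-separated list is parsed as a single name.
  Percent signs in the abstract are escaped so the field is safe if a
  style prints it.
  The title is spelled "Multi-Factor"; confirm against the publisher
  record, which may read "Mutli-Factor".
  NOTE(review): volume, number and pages are missing from this record.
  The DOI suffix (50.11.1788) presumably encodes volume 50, issue 11,
  first page 1788 - confirm against the publisher record before adding.
}
@article{M30A7D0BC,
  author   = {Jo, Jinyong and Kim, Dongkyun and Cho, Buseung},
  title    = {Development of {TOTP}-Based {SSH} Multi-Factor Authentication System},
  journal  = {The Journal of Korean Institute of Communications and Information Sciences},
  year     = {2025},
  issn     = {1226-4717},
  doi      = {10.7840/kics.2025.50.11.1788},
  keywords = {Multi-factor authentication, OpenLDAP, SSH, TOTP, PAM},
  abstract = {This study presents the implementation of a TOTP-based multi-factor authentication system to address the security vulnerabilities of single-factor SSH authentication. More than 65\% of SSH servers worldwide rely solely on password authentication, making them vulnerable to brute-force or man-in-the-middle attacks. Existing OpenLDAP-based SSH multi-factor authentication systems using TOTP process a password and a TOTP passcode as a single concatenated string, which hinders identifying the cause of authentication failures and limits the combination of various authentication factors. The proposed system separates primary and secondary authentication by implementing an OpenLDAP extended operation and SSH server PAM modules independently. The implementation enables independent verification of each authentication factor, clear identification of failures, and flexible combination of diverse authentication methods. To reduce security risks from client-side key breaches, TOTP shared keys are centrally managed in the OpenLDAP server. Evaluation results demonstrate OATH compliance and broad compatibility with SSH clients and TOTP applications. The system achieved a 100\% response rate and processed 12.6 authentication requests per second in a concurrent 20-user environment.},
}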