The most common way of logging in is public keys in LDAP. You can edit the set of keys in LDAP thus:-

# Set $EDITOR if vi isn't your thing
$ ldapvi --discover -D uid=${USER},ou=Users,dc=wormnet,dc=eu -h ldapi:/// uid=${USER}

There are now password based logins, either use public-key or OTP.

You do stuff with opiepasswd. Something like:

1. Set up your generator with a secret
2. Tell opiepasswd the initial sequence number and seed

* VejOTP works on any MIDP-compatible phone

There is a web-based SSH client available at https://marmot.wormnet.eu/shell. You will need to have configured OTP to be able to use it.

sslh is being used to multiplex SSH and HTTPS on 443. This means you can go via an HTTPS proxy to gain access.