Hi,
Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services?
Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. Gmail also has this.
Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joomla / Webmin / etc?
Any pointer would be appreciated.
On 28.01.2013 08:51, Rudi Ahlers wrote:
Hi,
Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services?
Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. Gmail also has this.
Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joomla / Webmin / etc?
Any pointer would be appreciated.
You may check LinOTP
http://www.linotp.org/index.php/about
Don't know your business case, but maybe even the commercially supported variant may be of interest for you.
Regards
Alexander
you can use openotp which is free up to 25 users.
http://www.rcdevs.com/products/openotp/
On Mon, Jan 28, 2013 at 1:37 PM, Alexander Dalloz ad+lists@uni-x.org wrote:
On 28.01.2013 08:51, Rudi Ahlers wrote:
Hi,
Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services?
Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. Gmail also has this.
Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joomla / Webmin / etc?
Any pointer would be appreciated.
You may check LinOTP
http://www.linotp.org/index.php/about
Don't know your business case, but maybe even the commercially supported variant may be of interest for you.
Regards
Alexander
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, Jan 28, 2013 at 10:07 AM, Alexander Dalloz ad+lists@uni-x.org wrote:
On 28.01.2013 08:51, Rudi Ahlers wrote:
Hi,
Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services?
Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. Gmail also has this.
Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joomla / Webmin / etc?
Any pointer would be appreciated.
You may check LinOTP
http://www.linotp.org/index.php/about
Don't know your business case, but maybe even the commercially supported variant may be of interest for you.
Regards
Alexander
Thank you Alexander.
Do you know of any such product which doesn't need LDAP? I've never worked with LDAP and don't really want to spend time to learn it now.
Thank you Alexander.
Do you know of any such product which doesn't need LDAP? I've never worked with LDAP and don't really want to spend time to learn it now.
Would require a bit of work to make it 'universal' but for anything that can use PAM there's google authenticator...
http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators...
2013/1/28 James Hogarth james.hogarth@gmail.com:
Thank you Alexander.
Do you know of any such product which doesn't need LDAP? I've never worked with LDAP and don't really want to spend time to learn it now.
Would require a bit of work to make it 'universal' but for anything that can use PAM there's google authenticator...
http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators...
http://motp.sourceforge.net/ works without ldap.
-- Eero
Google authenticator? http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators...
On Mon, Jan 28, 2013 at 3:55 AM, James Hogarth james.hogarth@gmail.com wrote:
Thank you Alexander.
Do you know of any such product which doesn't need LDAP? I've never worked with LDAP and don't really want to spend time to learn it now.
Would require a bit of work to make it 'universal' but for anything that can use PAM there's google authenticator...
http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators...
Google Auth http://www.noktec.be/archives/1351 http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secur... http://prasys.info/2012/10/two-way-authentication-for-wordpress/
On 28.01.2013 13:07, SilverTip257 wrote:
Google Auth http://www.noktec.be/archives/1351 http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secur... http://prasys.info/2012/10/two-way-authentication-for-wordpress/
How can one be concerned with security AND put his login at the mercy of google (or any other 3rd party)??
On 01/30/2013 08:40 AM, Nux! wrote:
On 28.01.2013 13:07, SilverTip257 wrote:
Google Auth http://www.noktec.be/archives/1351 http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secur... http://prasys.info/2012/10/two-way-authentication-for-wordpress/
How can one be concerned with security AND put his login at the mercy of google (or any other 3rd party)??
It depends on what the 3rd party is doing. In the case of PKI, the 3rd party is providing an attestation service. This is normally good, and presents little risk to the user(s). Exposure to tracking usage would be if OCSP (online cert checking, I suspect I got the wrong letters here) is used.
In the case of federated password identities and things like SAML and JSON, security CAN be good, but tracking is high.
Disclaimer: I am in the 3rd party authentication business. I am involved with Verizon's UIS (do a Google search on it :) ) and PKI.
On Wed, Jan 30, 2013 at 8:40 AM, Nux! nux@li.nux.ro wrote:
On 28.01.2013 13:07, SilverTip257 wrote:
Google Auth http://www.noktec.be/archives/1351
http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secur...
http://prasys.info/2012/10/two-way-authentication-for-wordpress/
How can one be concerned with security AND put his login at the mercy of google (or any other 3rd party)??
That's a good point to question.
I was in no way endorsing that one should use Google's Auth services. (Just that it exists and has been written about numerous times.)
Personally I do not use it now and would not use it for any systems that need to be secure. Which pretty much means unless I can run the auth daemons on a server I control, I won't be using it.
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro
On 01/30/2013 09:44 AM, SilverTip257 wrote:
On Wed, Jan 30, 2013 at 8:40 AM, Nux! nux@li.nux.ro wrote:
On 28.01.2013 13:07, SilverTip257 wrote:
Google Auth http://www.noktec.be/archives/1351
http://zonereseau.com/en/post/two-factor-ssh-authentication-via-google-secur...
http://prasys.info/2012/10/two-way-authentication-for-wordpress/
How can one be concerned with security AND put his login at the mercy of google (or any other 3rd party)??
That's a good point to question.
I was in no way endorsing that one should use Google's Auth services. (Just that it exists and has been written about numerous times.)
Personally I do not use it now and would not use it for any systems that need to be secure. Which pretty much means unless I can run the auth daemons on a server I control, I won't be using it.
after seeing this thread, i looked at the google auth stuff since i had been using that with dropbox and happy so far with it.
google is not in the auth chain at all. what they have done is take a standard algorithm for time based keys and made an android app and pam module that work together to allow for two factor auth. basically you are creating a shared secret that is combined with a timestamp and that computed value is used to confirm that the user authenticating knows that shared secret. very similar to the rsa fobs, but all done with open software. and yes, it is only as secure as your file storage is on the server being connected to because each user's shared secret is stored in their home folder. if you add the epel repo, it is available from them. tweak your ssh config to allow challenge/response and pam to require google auth and then each user creates their own secret. because of how ssh works, this only happens if you don't have a keypair in place, so it lets you fall back to password combined with the auth token.
2013/1/28 Rudi Ahlers Rudi@softdux.com:
Hi,
Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services?
Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. Gmail also has this.
Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joomla / Webmin / etc?
http://www.rcdevs.com/products/openotp/ with http://www.yubico.com/products/yubikey-hardware/yubikey/ is a good solution.
-- Eero
On 01/28/2013 02:51 AM, Rudi Ahlers wrote:
Hi,
Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services?
Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. Gmail also has this.
Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joomla / Webmin / etc?
Any pointer would be appreciated.
As you can see by the responses, there is no 'universal' plugin. The whole arena of authentication is plagued with bootstrapping challenges, security flaws, and complexity (like JSON).
I am the author of one of the alternatives (HIP), and my recommendation is just choose your poison.
On Mon, Jan 28, 2013 at 3:35 PM, Robert Moskowitz rgm@htt-consult.com wrote:
On 01/28/2013 02:51 AM, Rudi Ahlers wrote:
Hi,
Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services?
Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. Gmail also has this.
Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joomla / Webmin / etc?
Any pointer would be appreciated.
As you can see by the responses, there is no 'universal' plugin. The whole arena of authentication is plagued with bootstrapping challenges, security flaws, and complexity (like JSON).
I am the author of one of the alternatives (HIP), and my recommendation is just choose your poison.
Thanx Robert.
I guess I should have seen this coming.... But I have quite a few new "leads" for applications that can offer this, even if I would need to implement more than 1 solution.
I use Duo Security (http://www.duosecurity.com) and recommend it.
On Mon, Jan 28, 2013 at 5:51 AM, Rudi Ahlers Rudi@softdux.com wrote:
Hi,
Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services?
Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. Gmail also has this.
Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joomla / Webmin / etc?
Any pointer would be appreciated.
-- Kind Regards Rudi Ahlers SoftDux
Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Cell: 082 554 7532 Fax: 086 268 8492