[personal profile] dyr
As many of you already know, Google has supported two-factor authentication since last year. This authentication is based on RFC 3246 and implements counter/time-based (COTP/TOTP, respectively) one-time passwords. So it's time to use it to log in to our FreeBSD servers, where the second part of the two-factor scheme will be your Android device with Google Authenticator installed.

The recipe is pretty cool and simple.
  1. Install "pam_google_authenticator" on the server and, optionally, libqrencode (it will show the QR code directly in the console as pseudo-text, which looks really impressive).
  2. After installation, run "google-authenticator" as the desired user (e.g. for "dyrez": "sudo -u dyrez google-authenticator"). After a few simple questions, open Google Authenticator on your phone and choose "Add account" -> "Scan barcode". The barcode will be shown on the screen (if you have installed libqrencode), or you can get it by pasting the URL from the screen into your browser (it looks like "https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://")
  3. Edit /etc/pam.d/sshd: add "auth sufficient /usr/local/lib/pam_google_authenticator.so" before "auth required pam_unix.so no_warn try_first_pass".
  4. ???
  5. PROFIT!
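That's all! Now you can log in using one-time codes generated on your phone, or using your old-school UNIX password. Because the module is marked "sufficient", a valid code is accepted on its own, and the pam_unix password remains as the fallback.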

P.S. This is also an attempt to improve my English skills, so any comments are welcome.
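
A simplified model of how the auth stack from step 3 is evaluated, added here as an illustration (not code from the original post or from pam_google_authenticator). It handles only the required, requisite, sufficient and optional control flags, and BOTH_REQUIRED_STACK is an assumed variant for comparison, not a configuration from the post.

```python
# Simplified PAM "auth" stack evaluator (added example, not from the post).

PAGE_STACK = """\
# constructed sample: the two auth lines from step 3
auth sufficient /usr/local/lib/pam_google_authenticator.so
auth required pam_unix.so no_warn try_first_pass
"""

# Assumed variant for comparison: the OTP module is "required" as well.
BOTH_REQUIRED_STACK = """\
auth required /usr/local/lib/pam_google_authenticator.so
auth required pam_unix.so no_warn try_first_pass
"""

def parse_auth(conf):
    """Return [(control_flag, module_name)] for every auth line."""
    stack = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def login_allowed(stack, passing):
    """Evaluate the stack for a user who can satisfy the modules in `passing`.
    "optional" and other control flags are ignored in this simplified model."""
    failed = succeeded = False
    for control, module in stack:
        ok = module in passing
        if control == "sufficient" and ok and not failed:
            return True      # chain ends here, later modules are skipped
        elif control == "requisite" and not ok:
            return False     # chain ends here with a failure
        elif control in ("required", "requisite"):
            failed = failed or not ok
            succeeded = succeeded or ok
    return succeeded and not failed

def factors_that_work(conf):
    """Which credential combinations are enough to log in."""
    stack = parse_auth(conf)
    otp, pw = "pam_google_authenticator.so", "pam_unix.so"
    cases = {"otp_only": {otp}, "password_only": {pw}, "both": {otp, pw}, "neither": set()}
    return {name: login_allowed(stack, have) for name, have in cases.items()}

if __name__ == "__main__":
    for label, conf in (("page", PAGE_STACK), ("both required", BOTH_REQUIRED_STACK)):
        print(label, factors_that_work(conf))
```

With the stack from step 3 either credential alone is accepted; only the variant with both modules marked required demands the code and the password together.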

Date: 2012-06-08 05:03 pm (UTC)
From: [identity profile] hotid.livejournal.com
Damn. That's fucking insane - having to generate an OTP on every single login as well. Considering that on average I log in to different machines about 50 times a day, it would be easier to just shoot myself right away :)

Date: 2012-06-09 06:01 am (UTC)
From: [identity profile] http://users.livejournal.com/_dyr/
From home and from work I connect via pubkey and agent forwarding, but during my upcoming vacation I'll be logging in from who the hell knows where, so for use in all sorts of internet cafes it's just the thing!


Page generated Sep. 19th, 2017 06:53 pm