dyr: (Default)
[personal profile] dyr
As already many of you knows, Google had supported two-factor authentication since last year. This authentication based on RFC 3246 and implement counter/time-based (COTP/TOTP, accordingly) one-time passwords. So it's time to use it to login on the our FreeBSD servers, where second part of two-factor will be based on your Android device with installed Google Authenticator .

The reciept is a pretty cool and simple.
  1. Install on the server "pam_google_authenticator" and, optionally, ibqrencode (it will show us QR-Code directly in console by...pseudo-text, looks really impressive.).
  2. After install, run "google-authenticator" under desired user (i.e. for "dyrez" - "sudo -u dyrez google-authenticator"). After a few simple questions, open Google Authenticator on your phone and choose "Add account" -> "Scan barcode". The barcode, as you already should have seen, will be on the screen (if you had installed libqrencode) or by inserting URL from screen to your browser (looks like "https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://")
  3. Edit /etc/pam.d/sshd -  add "auth sufficient /usr/local/lib/pam_google_authenticator.so" before "auth required pam_unix.so no_warn try_first_pass".
  4. ???
  5. PROFIT!
That's enough! Now you could login with using one-time codes generated on your phone, or by using your old-school UNIX password.


P.S. It's also an attempt to enhance my english skills, so any comments are welcome.
From:
Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

dyr: (Default)
dyr

May 2016

S M T W T F S
1234567
891011121314
15161718192021
2223242526 2728
293031    

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 28th, 2017 04:48 am
Powered by Dreamwidth Studios