Hi, Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services? Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. gmail also has this. Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joolma / Webmin / etc? Any pointer would be appreciated. -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Cell: 082 554 7532 Fax: 086 268 8492
Am 28.01.2013 08:51, schrieb Rudi Ahlers:> Hi, > > Does anyone know of a stable / working "2way authentication" system for > SSH, and even web authentication services? > > Most of the banks in South Africa have a system that, when you want to make > a payment, they send you an SMS and you need to verify the action with a > secret code which was SMS'd to you. gmail also has this. > > Does anyone know of a "universal" plugin / application that can be used > with SSH and even websites like Wordpress / Joolma / Webmin / etc? > > > Any pointer would be appreciated.You may check LinOTP http://www.linotp.org/index.php/about Don't know your business case, but maybe even the commercially supported variant may be of interest for you. Regards Alexander
2013/1/28 Rudi Ahlers <Rudi at softdux.com>:> Hi, > > Does anyone know of a stable / working "2way authentication" system for > SSH, and even web authentication services? > > Most of the banks in South Africa have a system that, when you want to make > a payment, they send you an SMS and you need to verify the action with a > secret code which was SMS'd to you. gmail also has this. > > Does anyone know of a "universal" plugin / application that can be used > with SSH and even websites like Wordpress / Joolma / Webmin / etc? >http://www.rcdevs.com/products/openotp/ with http://www.yubico.com/products/yubikey-hardware/yubikey/ is good solution. -- Eero
On 01/28/2013 02:51 AM, Rudi Ahlers wrote:> Hi, > > Does anyone know of a stable / working "2way authentication" system for > SSH, and even web authentication services? > > Most of the banks in South Africa have a system that, when you want to make > a payment, they send you an SMS and you need to verify the action with a > secret code which was SMS'd to you. gmail also has this. > > Does anyone know of a "universal" plugin / application that can be used > with SSH and even websites like Wordpress / Joolma / Webmin / etc? > > > Any pointer would be appreciated.As you can see by the responses, there is no 'universal' plugin. The whole arena of authentication is plagued with bootstrapping challenges, security flaws, and complexity (like JSON). I am the author of one of the alternatives (HIP), and my recommendation is just choose your poison.
Carlos Eduardo Pedroza Santiviago
2013-Jan-30 13:17 UTC
[CentOS] 2way authentication for SSH?
I use Duo Security (http://www.duosecurity.com) and recommend it. On Mon, Jan 28, 2013 at 5:51 AM, Rudi Ahlers <Rudi at softdux.com> wrote:> Hi, > > Does anyone know of a stable / working "2way authentication" system for > SSH, and even web authentication services? > > Most of the banks in South Africa have a system that, when you want to make > a payment, they send you an SMS and you need to verify the action with a > secret code which was SMS'd to you. gmail also has this. > > Does anyone know of a "universal" plugin / application that can be used > with SSH and even websites like Wordpress / Joolma / Webmin / etc? > > > Any pointer would be appreciated. > > -- > Kind Regards > Rudi Ahlers > SoftDux > > Website: http://www.SoftDux.com > Technical Blog: http://Blog.SoftDux.com > Cell: 082 554 7532 > Fax: 086 268 8492 > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- Carlos Eduardo Pedroza Santiviago -- http://softwarelivre.net
-----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Rudi Ahlers Sent: Monday, January 28, 2013 8:52 AM To: CentOS Subject: [CentOS] 2way authentication for SSH? Hi, Does anyone know of a stable / working "2way authentication" system for SSH, and even web authentication services? Most of the banks in South Africa have a system that, when you want to make a payment, they send you an SMS and you need to verify the action with a secret code which was SMS'd to you. gmail also has this. Does anyone know of a "universal" plugin / application that can be used with SSH and even websites like Wordpress / Joolma / Webmin / etc? Any pointer would be appreciated. -----Original Message----- Is it really 2way (as in mutual) authentication or 2factor authentication? Mutual authentication is normally done with ssl (server + client) certificates. Most http engines (apache, tomcat) do support them. For two factor (have, know) authentication "some assembly" is required, at least for openssh. See: http://roumenpetrov.info/openssh/ Generally speaking, you _do_ want a trusted third party (like a CA) and certainly _not_ another additional unreliable man-in-the-middle. I mean: like google. But should I trust them with regards to security and availability??? HW ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.