search for: hotp

...IP address or an unusual hour. I already wrote a simple shell script that check these factors, but now, I have some options for the following, and I need to know your opinion if this is feasible or not. I want to use google authenticator Debian package (support the HMAC- Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP)) The challenge would be send via XMPP. This second part is fairly easy to do, I have all the packages on Debian, for instance sendxmpp. The first tests are promising. In case of success, the IP address is added to the li...

...39;t be possible to rely only on public-key signing instead? I already carry around a physical device with a public/private keypair in it, and I need that for SSH public-key authentication anyway. To avoid replay attacks, the signed data needs to be an ever increasing counter or timestamp a'la HOTP/TOTP. I think this could be a good builtin functionality of OpenSSH, it already has all of the public/private key trust infrastructure available, what is missing is just the plumbing to connect it the firewall. Maybe it could go into a separate binary and not in the default sshd though. How abou...

1: I meant like this: Without whitelisting, you can't login to SMTP or IMAP, password isn't valid at all. To enable SMTP and IMAP, you then either surf ro webmail, or the 2FA gateway, and login with: Username + password + 2FA code + captcha. When all is valid, then your IP is whitelisted for SMTP and IMAP access. This still means you have to use usename/password for SMTP/IMAP. So how

On Tue, 27 Oct 2020, Sebastian Nielsen wrote: > Kind of stupid that there doesn't exist some common standard for 2FA that > works in email clients. You can bodge it for HOTP/TOTP hardware token generators. Dovecot allows custom plugins to check passwords. The plugin can take passwords of the form {password}+{2fa-token}, then split each part to check against authentication systems to check validity. Joseph Tam <jtam.home at gmail.com>

Hey all, has anyone ever successfully implemented some form of OTP system with dovecot? Im looking at setting up an OATH/HOTP-TOTP based OTP for our services, but the webmail service (which uses dovecot) is a difficult one. Any info on implementations would be appreciated, Regards, Cor

On 04.07.24 01:41, Manon Goo wrote: > - some users private keys are lost Then you go and remove the corresponding pubkeys from wherever they're configured. Seriously, even if you do not scan which pubkey is configured where *now* (as is part of our usual monitoring), it'll be your "number <3" task *then* to go hunt it down. > And you want to lock down the sshd

...57 PM To: dovecot at dovecot.org Subject: Re: SV: Looking for a guide to collect all e-mail from the ISP mail server On Tue, 27 Oct 2020, Sebastian Nielsen wrote: > Kind of stupid that there doesn't exist some common standard for 2FA that > works in email clients. You can bodge it for HOTP/TOTP hardware token generators.? Dovecot allows custom plugins to check passwords.? The plugin can take passwords of the form {password}+{2fa-token}, then split each part to check against authentication systems to check validity. Joseph Tam <jtam.home at gmail.com>

There has been some good discussion around our IBM security team as to what actually constitutes SSH multi factor authentication. There are 2 options being discussed. One, the Google Authenticator (OTP authentication). Two, Public/Private key authentication (pubkeyauthentication = yes) which supports pass phrase private key authentication. Which of these is considered multi-factor

...possible to rely only on public-key signing |instead? I already carry around a physical device with a public/private |keypair in it, and I need that for SSH public-key authentication anyway. |To avoid replay attacks, the signed data needs to be an ever increasing |counter or timestamp a'la HOTP/TOTP. | |I think this could be a good builtin functionality of OpenSSH, it |already has all of the public/private key trust infrastructure |available, what is missing is just the plumbing to connect it the |firewall. Maybe it could go into a separate binary and not in the |default sshd thoug...

https://bugzilla.mindrot.org/show_bug.cgi?id=3188 Bug ID: 3188 Summary: Problems creating a second ecdsa-sk key for a second Yubikey Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen

...t; : > > > > /etc/xen/scripts/block: add XENBUS_PATH=backend/vbd/4/2049 & gt; > /etc/xen/scripts/block: add XENBUS_PATH=backend/vbd/4/2050 > > /etc/xen/scripts/vif-bridge: online XENBUS_PATH=backend/vif/4/0 > > /etc/xen/scripts/vif-bridge: Writing backend/vif/4/0/hotplug-status error > > to xenstore. /etc/xen/scripts/vif-bridge: Could not find bridge, and none > > was specified /etc/xen/scripts/vif-bridge: offline > > XENBUS_PATH=backend/vif/4/0 > > /etc/xen/scripts/vif-bridge: Writing backend/vif/4/0/hotplug-status error > > t...