similar to: SSH multi factor authentication

Displaying 20 results from an estimated 1000 matches similar to: "SSH multi factor authentication"

2016 Jul 04
2
SSH multi factor authentication
On Sun, 3 Jul 2016, Stephen Harris wrote: > On Sun, Jul 03, 2016 at 09:19:43PM -0500, Bruce F Bading wrote: > > One, the Google Authenticator (OTP authentication). > > On its own, this is not 2FA. It's single factor ("something you > have"). > > A combination of Google Authenticator _and_ password is 2FA. This is > easy to do with PAM. Agreed >
2016 Jul 09
2
SSH multi factor authentication
On Thu, Jul 7, 2016 at 10:00 AM, Bruce F Bading <badingb at us.ibm.com> wrote: > > Hi Gentlemen, > > Thank you both for your valued opinion. I do however agree that public key > authentication cannot be fully considered MFA as have 2 PCI QSAs I have > spoken with. This is because it is not enforceable server side. Many > things can affect client side security. >
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of
2020 Jan 06
4
2FA for Dovecot
Hi, My goal is to protect my mail account with 2FA, which isn't a crazy idea in 2020. Therefore, I would like to know the possibilities of configuring 2FA for Dovecot. In the documentation there are some hints of e.g. OTP in Dovecot [1] and using FreeIPA with Dovecot [2], where FreeIPA has the ability to enable OTP per user [3]. But I can't really find much practical information about
2023 Feb 20
1
(Open)SSH as a TOTP *Token*?
On Mon, 20 Feb 2023 at 20:03, Jochen Bern <Jochen.Bern at binect.de> wrote: > A quick question, if I may: Today, I heard a rumour that "ssh" can be > used as a TOTP *token* (i.e., accept or generate a secret for a > configuration and generate TOTP codes from there on out, to be entered > into some *other* software requesting them for 2FA). I'm not aware of any way
2020 Jun 26
14
[Bug 3188] New: Problems creating a second ecdsa-sk key for a second Yubikey
https://bugzilla.mindrot.org/show_bug.cgi?id=3188 Bug ID: 3188 Summary: Problems creating a second ecdsa-sk key for a second Yubikey Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keygen
2008 Nov 11
4
Can expect do this?
Hi all, I'm trying to scp some files from machine1 to machine2. But, I'm in an environment where PubKeyAuthentication is not allowed in ssh :( So, I'm confused how to automate it as cronjob. However, I read somewhere that we can write a little bash script that will utilize 'expect' to answer for the ssh password prompt? Can we do this? Any examples are great help. Thank you.
2008 Jun 29
1
sshd_config question
Hi.? I have configured sshd in OpenBSD to require publickey authentication. I've tried configuring FreeBSD to do the same, but I can still login via keyboard authentication. Here are the options I have in my sshd_config: PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no After setting those options I kill -HUP the sshd? process. Is there something simple I am missing?
2013 Mar 10
2
Logon with Client Certificate and OTP fallback
Dear Dovecot experts, we have unusual authentication requirements, namely: - almost all of our user are using a smartcard to connect with our mailserver. Thunderbird is our friend here as it will use the smartcard as an additional certificate store and Thunderbird will do client certificate based authentication when connecting via SSL with a mailserver - there's no way (at least that I know
2016 Jul 16
3
Moving Maildir folders
Hey!! It is now showing the former users' folders at the top level of the current user. Great! Perhaps dovecot just needed time to "index" the new messages? Anyway, Luigi's suggestion on moving and renaming the folders apparently worked. Thanks!!!! --Mark -----Original Message----- > Subject: Re: Moving Maildir folders > From: Frank-Ulrich Sommer <f-u.s at
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux @ client which ssh /usr/local/bin/ssh ssh -v OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 @ server which sshd /usr/local/bin/sshd sshd -v unknown option -- V OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time]
2019 Nov 07
2
samba login with U2F token
Dear all, I did try to google search the archives [1] but cannot find any information on this. Would it be possible to somehow implement a passwordless (or as a 2FA) to login to a remote samba (linux server)? Any suggestions greatly appreciated, Greg 1. https://lists.samba.org/archive/samba/
2016 Jul 09
2
SSH multi factor authentication
On Sat, Jul 9, 2016 at 10:30 AM, Ben Lindstrom <mouring at eviladmin.org> wrote: > You'd do this by either moving the authorized_keys to another a root owned > location using "AuthorizedKeysFile" (e.g. AuthorizedKeysFile > /etc/ssh/keys/authorized_keys.%u). Or you use "AuthorizedKeysCommand" and > put the keys into a "database" to reference
2020 Oct 21
6
"Semi-Trusted" SSH-Keys that also require PAM login
Hello all, in order to connect to my SSH servers from untrusted devices like company computers or my smartphone, I set up 2FA with google-authenticator hooked into PAM. However, this is not really 2FA at least for the smartphone, since I use the same device for generating the TANs and it is also at least inconvenient to always require a new TAN for each connection. I do not want to solely rely
2008 Apr 04
7
User-specific sshd_config?
Hi. I wonder if it would be possible to implement support for a user-specific sshd_config. The primary reason is that I would like the ability to specify that I'm only allowed to login with a key pair, even though the system-wide sshd configuration still allows passwords for other users. Of course, a user-specific sshd_config file should not be able to break the security policy of the
2008 Dec 22
3
reloading a new kernel
Hi - is it possible to load a SMP version of a kernel on a system running a single CPU version of the kernel without a reboot? For instance, a quad CPU system was accidentally booted as 2.6.9-78.0.5.EL but we need to load 2.6.9-78.0.5.ELsmp instead. Any help would be appreciated. -- Article. VI. Clause 3 of the constitution of the United States states: "The Senators and
2020 Apr 22
6
Recommendations on intrusion prevention/detection?
Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. Without it, if someone has obtained your password and reads your mail without modifying it, you will hardly ever notice. Is there a
2006 Apr 08
1
[Bug 1180] Add finer-grained controls to sshd
http://bugzilla.mindrot.org/show_bug.cgi?id=1180 Summary: Add finer-grained controls to sshd Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dtucker at
2011 Oct 09
1
Restricting users using one port
I have ssh running on port 22 and (say) port 33333. Port 22 is restricted at layer 3 so not much can get to it. Port 33333 is open to the world. I only want to allow one user to authenticated using port 33333, but all users to authenticate using port 22. Is there any way to do this without running 2 sshd processes? -- Alex Bligh
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi, On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote: > My ssh_config has > Host * > HostbasedAuthentication yes > EnableSSHKeysign yes > NoHostAuthenticationForLocalhost yes > > NoHostAuthenticationForLocalhost is not necessary. > The one you are missing is EnableSSHKeysign. > > Additionally, you made no mention of your ssh_known_hosts files. Make > sure