How to Create High security multifactor authentication
Posted: 11 May 2008, 06:21
Hi
Just wanted to let you all know of a cool way to have: High security multifactor authentication using a series of single-use "passcodes"
As many of us like the bubba for its power and versatility, we also want to be able to connect to it from outside our home network.
SSH/PuTTY gives us the opportunity to open up our entire home network from a remote location.
This of course adds to the security risk.
Which is why I created this how-to, to let you all know of a way to implement a High security multifactor authentication.
One tip: do not open port 22 in your router for ssh (as hackers are scanning for known port numbers), but choose a random port number.
The information about the High security multifactor authentication using a series of single-use "passcodes" can be found at https://www.grc.com/ppp.htm
Or listen to the podcasts on the subject at http://www.grc.com/securitynow.htm
This how-to describes my installation of the PAM module by Thomas Fors (http://code.google.com/p/ppp-pam/)
Note: I installed and tested this on Etch, Sarge should also work.

Packages
Install the packages, using the Debian sources, see Howto install Debian packages [5].
Code:
    apt-get install subversion make gcc g++ uuid-dev libpam0g-dev
    apt-get install wget

Installation
Code:
    $ cd /tmp
    $ wget http://ppp-pam.googlecode.com/files/ppp-pam-0.2.tar.gz
    $ tar -xvzf ppp-pam-0.2.tar.gz
    $ cd ppp-pam/build
    $ ../configure
    $ make
Test to confirm it builds correctly.
Code:
    make test
Install the pppauth utility and PAM module in the appropriate folders.
Code:
    make install

Configuration
Enable PPP authentication for ssh connections.
Code:
    vi /etc/pam.d/ssh
Enter the following line just below: @include common-auth
Code:
    auth required pam_ppp.so
Make sure you have the following settings in sshd_config
Code:
    vi /etc/ssh/sshd_config
    ChallengeResponseAuthentication yes
    UsePAM yes
Create a PPP sequence key for the user account you use to log in.
This will probably not be root!
Code:
    pppauth --key
Generate a passcard. Print or save it.
Code:
    pppauth --text --next 1
Try logging in to test it.
Code:
    ssh localhost
Have fun
Eek

References
1. https://www.grc.com/ppp.htm
2. http://www.grc.com/ppp/software.htm
3. http://code.google.com/p/ppp-pam/
4. http://code.google.com/p/ppp-pam/wiki/Building
5. http://forum.excito.net/viewtopic.php?t=421
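
A check for the Configuration steps above, added here as an example (it is not part of the original post or of ppp-pam): it verifies that the pam_ppp.so line sits directly below @include common-auth and that both sshd_config settings are actually in effect. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two files this how-to edits.

# check_pam FILE: true if "auth required pam_ppp.so" is the first active
# line after "@include common-auth" (comments and blank lines are skipped).
check_pam() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        after { ok = ($1 == "auth" && $2 == "required" && $3 == "pam_ppp.so"); after = 0 }
        $1 == "@include" && $2 == "common-auth" { after = 1 }
        END { exit !ok }
    ' "$1"
}

# sshd_value FILE KEYWORD: print the first active value of KEYWORD. sshd
# keeps the first value it reads; keywords are case-insensitive.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# check_sshd FILE: true if both settings from the how-to are "yes".
check_sshd() {
    [ "$(sshd_value "$1" ChallengeResponseAuthentication)" = yes ] &&
        [ "$(sshd_value "$1" UsePAM)" = yes ]
}

# Constructed sample files (not from a real system) for a dry run.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# PAM configuration for sshd' '@include common-auth' \
    'auth required pam_ppp.so' '@include common-account' > "$demo_dir/pam_good"
printf '%s\n' 'auth required pam_ppp.so' '@include common-auth' \
    '@include common-account' > "$demo_dir/pam_misplaced"
printf '%s\n' 'Port 2222' '#UsePAM no' 'challengeresponseauthentication yes' \
    'UsePAM yes' > "$demo_dir/sshd_good"
printf '%s\n' 'ChallengeResponseAuthentication no' 'UsePAM yes' \
    'ChallengeResponseAuthentication yes' > "$demo_dir/sshd_shadowed"

for f in pam_good pam_misplaced; do
    check_pam "$demo_dir/$f" && echo "$f: OK" || echo "$f: pam_ppp.so not directly below common-auth"
done
for f in sshd_good sshd_shadowed; do
    check_sshd "$demo_dir/$f" && echo "$f: OK" || echo "$f: required sshd settings not active"
done
```

On the box itself, run check_pam /etc/pam.d/ssh and check_sshd /etc/ssh/sshd_config after editing, and keep your current SSH session open until a second login with a passcode succeeds.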