[talk] 2FA on BSD (was Re: Reducing password fatigue on OpenBSD (or any BSD))
N.J. Thomas
njt at ayvali.org
Tue Apr 21 10:55:29 EDT 2015
* Sujit K M <sjt.kar at gmail.com> [2015-04-21 17:14:34+0530]:
> > On a slightly tangential note, I started playing with Google
> > Authenticator recently:
> >
> > https://github.com/google/google-authenticator/
> >
> > It's worked very well so far:
>
> But how does it plugin to other tools. Would it run over SSH and do
> authentication on
> top of it.
For ssh, it's a PAM module. If you ssh in using a key, then it's
bypassed. But if you ssh in and a password is needed to authenticate, it
will ask for the verification code on top of that.
Observe:
$ ssh example.org
Password for user at example.org: [enter password here]
Verification code: [enter TOTP here]
Last login: Fri Apr 3 02:12:48 2015 from example.edu
FreeBSD 10.1-RELEASE-p6 (GENERIC) #0: Tue Feb 24 19:00:21 UTC 2015
Welcome to FreeBSD!
[...]
The only difference from a normal ssh session is the addition of that
verification code prompt.
hth,
Thomas
More information about the talk
mailing list