Yenya's World

Fri, 18 Nov 2011

Google Authenticator

For some time, I have been considering adding two-factor authentication to my systems in order to prevent break-ins in case somebody's workstation is compromised (which is a common attack vector these days). One of the systems for one-time passwords is Google Authenticator.

G-A has an application for many smart-phone platforms (Android, iOS, Blackberry), and has a PAM module, which is even packaged in Fedora. It stores users' secrets in a file in the home directory, and uses 6-digit time-based passwords and 8-digit emergency scratch passwords. The configuration in Fedora is pretty straightforward:

There are several problems with SSH-daemon, though:

Especially the second problem is pretty serious, as I wanted to allow also public key + one-time password authentication there.

So, my dear lazyweb, what kind of two-factor authentication do you use?

Section: /computers (RSS feed) | Permanent link | 2 writebacks

About:

Yenya's World: Linux and beyond - Yenya's blog.

Links:

RSS feed

Jan "Yenya" Kasprzak

The main page of this blog

Categories:

Archive:

Blog roll:

alphabetically :-)