Results 1 to 2 of 2

Thread: Securing SSH with two factor authentication using Google Authenticator

  1. #1

    Lightbulb Securing SSH with two factor authentication using Google Authenticator

    Those who knows and are interested, I've posted a step by step guide on how to secure SSH using two factor authentication using Google Authenticator. To me this seems a good guide and a better way to secure SSH. Debates/suggestions welcome.

    I tried to paste the guide here but apparently Kali forums got character limitations and I got the following error message when I tried to paste it here.

    (The text that you have entered is too long (16159 characters). Please shorten it to 10000 characters long)

    I tried dividing the post into multiple parts but then I got another error where I can only use 4 images per message.


    1. You have included a total of 6 images in your message. The maximum number that you may include is 4. Please correct the problem and then continue again.

      Images include use of smilies, the BB code [img] tag, and HTML <img> tags. The use of these is all subject to them being enabled by the administrator.

    So I am Leaving a link here so that interested users can find and read it.


    Link to original post: http://www.blackmoreops.com/2014/06/...authenticator/



    Securing SSH with two factor authentication using Google Authenticator

    Two-step verification (also known as Two-factor authentication, abbreviated to TFA) is a process involving two stages to verify the identity of an entity trying to access services in a computer or in a network. This is a special case of a multi-factor authentication which might involve only one of the three authentication factors (a knowledge factor, a possession factor, and an inheritance factor) for both steps. If each step involves a different authentication factor then the two-step verification is additionally two-factor authentication.

    Google’s two-step verification process

    Google was one of the first Internet companies to introduce a two-step verification process. To access a Google service using the two-step verification process, a user has to go through the following two stages:
    The first step is to log in using the username and password. This is an application of the knowledge factor.
    The implementation of the second step requires a mobile phone or the Google Authenticator application, which is an application of the possession factor.

    If the user opts to use a mobile phone, he/she has to register his/her phone number with Google. When one attempts to authenticate with username and password, Google will send via SMS a new, unique code to the phone. Receiving the SMS demonstrates that the user has the phone (or, in the case of GSM like networks the appropriate SIM chip).
    If the user opts to use the Google Authenticator (or another supported code generator application), he/she simply opens the application, which generates a new code every 30 seconds. This code is to be entered to complete the log in process. As a backup option in case the registered mobile phone or device running Google Authenticator is lost, stolen, or otherwise unavailable, the user can print a set of static single-use backup codes (also the knowledge factor) and store them in a safe place.
    The following are some other sites which offer two-step verification service:

    1. Amazon Web Services
    2. ANX
    3. App.net
    4. Apple ID
    5. Authy
    6. Battle.net
    7. Bitstamp
    8. Blockchain.info
    9. Box
    10. Dropbox
    11. eBay
    12. Etrade
    13. Evernote
    14. Facebook
    15. GitHub
    16. GoDaddy
    17. HootSuite
    18. Lastpass
    19. LinkedIn
    20. LocalBitcoins
    21. Microsoft
    22. MongoLab
    23. Namecheap
    24. PayPal
    25. SocialFlow
    26. timetotrade
    27. Tumblr
    28. Twitter
    29. Viaduct
    30. WordPress
    31. Yahoo! Mail
    32. innoview.gr
    33. zoho


    Google Authenticator

    Google Authenticator implements TOTP security tokens from RFC6238 in mobile apps made by Google, sometimes branded “two-step authentication”. The Authenticator provides a six digit one-time password users must provide in addition to their username and password to log into Google services or other sites. The Authenticator can also generate codes for third party applications, such as password managers or file hosting services. Some versions of the software are open source.
    [Source: WikiPedia]



    Note: Google Authenticator doesn’t “call home” to Google — all the work happens on your SSH server and your phone. Google Authenticator is a open-source software, that means you can check the codes yourself. I guess after what happened with openSSL, that’s not a bad idea after all.

    In this article I will demonstrate how to secure SSH by setting up Two Factor Authentication (TFA) with Google Authenticator for the following Linux operating systems:

    1. Debian
    2. Ubuntu
    3. Linux Mint
    4. Kali Linux
    5. Red Hat
    6. CentOS
    7. Fedora

    Google Authenticator can be used in the following smartphones:

    1. Android,
    2. iOS and
    3. Blackberry.

    I am not too sure if you can use this on a Windows Based phone (i.e. new Nokia phones or Windows Mobiles devices). Feel free to try and report back.

    App Download Links as follows:


    1. Android: https://play.google.com/store/apps/d...ticator2&hl=en
    2. iOS: https://itunes.apple.com/au/app/goog...388497605?mt=8
    3. Blackberry: http://www.google.com/mobile/other

    More detailed per device install instructions can be found on this page:
    https://support.google.com/accounts/.../1066447?hl=en

    The implementation is exactly same except for some package name differences. So you can implement this in any Linux Operating System that uses these packages.

    Requirements

    Followings are the requirements for using Google Authenticator on your system:

    1. A PC running Linux
    2. A smartphone
    3. A running SSH server on your machine.

    In case you don’t have SSH server running, just follow this guide to install openSSH server.

    Link to original post: http://www.blackmoreops.com/2014/06/...authenticator/


    p.s. @MOD: if this violates any policy, feel free to remove this post. Thanks.
    Last edited by blackMORE; 2014-06-26 at 15:02. Reason: Can't paste whole guide or more than 4 images.

  2. #2
    Join Date
    2014-Jun
    Location
    Greece
    Posts
    133
    I've read both your articles and I love them. They are both* very well structured, organized and very well explained. All I have to do now is to digest all those information and make them work for real.

    Well done blackMORE !

    Maybe it will be a good idea to have the users of this forum, extra privileges (more than 4 pics, or more 10000 characters long) when is needed. Just seeing...

    * Securing SSH with two factor authentication using Google Authenticator and Kali Linux remote SSH – How to configure openSSH server
    Sorry for my English.

Similar Threads

  1. Securing laptops for employees
    By kickstand666 in forum General Archive
    Replies: 2
    Last Post: 2017-02-02, 14:20
  2. Right Angle usb adapter + Mini wireless USB = discreet form factor
    By AlX in forum NetHunter General Questions
    Replies: 2
    Last Post: 2016-10-19, 20:12
  3. Help in using Google Authenticator libpam as Login
    By consciousgamer in forum General Archive
    Replies: 0
    Last Post: 2016-01-28, 14:26
  4. Securing your NetHunter Device
    By muts in forum NetHunter Suggestions
    Replies: 1
    Last Post: 2014-10-14, 18:29

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •