
Are there any tangible improvements to gain from enabling TOTP (google-authenticator PAM plugin) over existing public key based SSH connections?

Does it make security sense to enable TOTP based Two-Factor auth for SSH into bastion servers? I get what advantages OTP offers for web applications, but what about SSH? Are there existing examples for infrastructure security that uses OTP that I can learn from?

eternaltyro

1 Answer


What advantages do you see with OTP for web applications? Could there be the same advantages for SSH? So the question is, which threats do you have when using SSH keys?

I think one central threat is that you cannot control or know if a user loses his private SSH key. You cannot even know or assure in the first place whether the user protects his private SSH key with a passphrase (unless you are using smartcards for the private SSH key).

So in my opinion, yes, it can improve security to also add OTP to an SSH connection given:

  1. The administrator controls the creation of the OTP devices and
  2. You are using hardware OTP tokens

In this case:

  1. the user can keep up security by protecting his private SSH key (which can not be controlled by the administrator, the company or organization)
  2. the administrator can keep up security by controlling the secure 2nd factor of the OTP token.

I wrote a blog entry about this utilizing privacyIDEA to manage the OTP 2nd factors.

cornelinux
  • Why should hardware OTP tokens be a requirement for security? Because soft-tokens suffer similar disadvantages to private-keys? – eternaltyro May 28 '19 at 02:21
  • Yes. Soft tokens on smartphones are under the same control of the **user** as the SSH keys. Depending on the rollout process, the **administrator** or **organization** cannot be sure that the user handles this factor with care. See https://netknights.it/en/the-problem-with-the-google-authenticator/ – cornelinux May 28 '19 at 06:06
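Whether the google-authenticator PAM module actually becomes a second factor on a bastion depends on one sshd setting, because a public-key login never enters the PAM `auth` stack on its own. The following is an added example, not code from the question, the answer or privacyIDEA: a POSIX sh audit function that checks an sshd_config for that enforcement, run over two constructed configs (a weak one where the TOTP is silently skipped and a hardened one); it assumes only sh and awk.

```shell
#!/bin/sh
# Added example (not from the post above): audit an sshd_config for the one
# setting that makes the google-authenticator PAM module a real 2nd factor.
# A public-key login never enters the PAM "auth" stack, so the TOTP prompt
# only happens when AuthenticationMethods demands keyboard-interactive too.
# first_value FILE KEYWORD: sshd honours the FIRST occurrence of a keyword.
# Match blocks are not modelled (use `sshd -T -C user=...` for those).
first_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}
# requires_both_factors FILE: 0 if every allowed method list needs a public
# key AND a keyboard-interactive (PAM/TOTP) exchange, 1 otherwise.
requires_both_factors() {
    cfg="$1"
    [ "$(first_value "$cfg" UsePAM)" = "yes" ] || return 1
    # Newer sshd names it KbdInteractiveAuthentication, older releases
    # ChallengeResponseAuthentication; both default to yes when absent.
    kbd="$(first_value "$cfg" KbdInteractiveAuthentication)"
    [ -n "$kbd" ] || kbd="$(first_value "$cfg" ChallengeResponseAuthentication)"
    [ "${kbd:-yes}" = "yes" ] || return 1
    methods="$(first_value "$cfg" AuthenticationMethods)"
    [ -n "$methods" ] || return 1     # unset: the key alone logs the user in
    for alt in $methods; do            # alternatives are space separated
        case "$alt" in
            *publickey*keyboard-interactive*|*keyboard-interactive*publickey*) ;;
            *) return 1 ;;             # this alternative skips a factor
        esac
    done
    return 0
}
# Constructed configs; both assume /etc/pam.d/sshd has
#   auth required pam_google_authenticator.so
# with the distro's password include commented out, so the PAM challenge is
# the TOTP code and not the Unix password.
tmp="$(mktemp -d)"
cat > "$tmp/weak" <<'EOF'
UsePAM yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
EOF
cat > "$tmp/hardened" <<'EOF'
UsePAM yes
KbdInteractiveAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive
EOF
for c in weak hardened; do
    if requires_both_factors "$tmp/$c"; then echo "$c: key AND TOTP enforced"
    else echo "$c: the key alone suffices, the TOTP step is never reached"; fi
done
```

On a live host, run the check against the output of `sshd -T` rather than the raw file so that Match-block overrides are already resolved.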