Google Authenticator is a TOTP (Time based One Time Password) PAM (Pluggable Authentication Module) which is supported and serviced by Google.
Questions tagged [google-authenticator]
62 questions
1
vote
1 answer
SSH Authentication using RADIUS + Google Authenticator
I'm trying configure my SSHD's to authenticate users using FreeRadius. The FreeRadius server needs to first require a valid OTP using Google Authenticator, and then verify the system account password.
I can get things working if I set the Radius…
noderunner
- 171
- 2
- 8
1
vote
1 answer
Google Authenticator - generate new set of emergency codes
I use Google Authenticator on my SSH servers with Andoid app for generating codes.
After I run $ google-authenticator application create set of emergyncy…
martin
- 218
- 1
- 3
- 11
1
vote
0 answers
FreeRadius-GoogleAuthenticator-Kerberos Password Change Weirdness
We are using FreeRadius, Kerberos and Google Authenticator to implement two-factor authentication. The two factor auth works fine, both from radtest and from a Watchguard firewall. To log in, a user enters their Kerberos password and concatenates…
DASHbay
- 11
- 1
1
vote
1 answer
possible? radius server with active directory users and google authentication
We currently have an old RSA token - Radius environment we want to replace
Would this architecture be possible?
(this works, there are examples on the internet)
Linux server
Google Authentication
Fee radius server
Now the new part:
User list would…
hoberion
- 231
- 2
- 15
1
vote
3 answers
Using Google Authenticator with an IMAP server
Google released it's Google Authenticator Module with a PAM interface.
Have someone experience on implementing this into an imap server?
cedivad
- 680
- 3
- 13
- 25
1
vote
1 answer
Enforcing 2FA configuration on next SSH login for every user
I have found numerous tutorials on how to enable 2FA (TOTP, RFC 6238) but is there also a way to force SSH users to configure it on the first login? (I am using OpenSSH server)
I guess I could create a script that runs everytime and checks whether a…
phk
- 65
- 9
1
vote
1 answer
SSH authentication: (public key xor password) + google authenticator code
I'm using Debian bullseye. I'm trying to set up SSH two types logins:
password + code from Google's Authenticator (if user set it, "nullok" option),
public key + code from Google's Authenticator (if user set it, "nullok" option).
Type #1 works for…
Karol
- 11
- 3
1
vote
1 answer
MS RRAS + MS VPN Client + Google Authenticator + SecureMFA
I'm running on-premise Windows Server 2019 domain, and Microsoft RRAS to allow remote users access to the local network. Remote users are using the built-in Microsoft VPN SSTP for Windows 10 clients and L2TP for Mac clients.
My objective is to…
SpecProd
- 11
- 2
0
votes
1 answer
Linux PAM: SSH key + 2FA (google authenticator) + password - Specify auth requirements per user
I have installed and configured PAM on my Ubuntu server which is working correctly. To log in I want to require an SSH Key to be installed, a password to be provided and a valid code from an authenticator app.
The issue that I have is that I would…
Ben Turner
- 101
- 4
0
votes
0 answers
SSH disabling google-authenticator from specific IP
I have setup google-authenticator as 2FA together with publickey authentication. What I need is to skip the 2FA when connecting by SSH from specific IP.
I'm running Ubuntu 18.04.
Relevant snippet from of /etc/pam.d/sshd
# PAM configuration for the…
J91321
- 156
- 6
0
votes
0 answers
Is using HOTP only authorization considered weak?
I have seen many experts advising usage of some kind of OTP as second step of 2FA schemes.
I fully understand 2FA is more secure than Single Authorization, but it is also more inconvenient for casual user.
We currently have schemes with "strong…
ZioByte
- 246
- 3
- 15
0
votes
0 answers
Is the configuration I want possible? Problems with SSH to Redhat server using google authentication 2fa
I'm attempting to configure two factor authentication when using SSH to connect to my redhat ec2 instance.
I would like to configure it like this:
If user has both ssh key and google auth set up, use these two factors
If user has no ssh key, use…
Jquinn
- 1
0
votes
0 answers
Multi-Factor Authentication varieties and is there a universal bridge for them
I am trying to research a project on how to connect to multiple enterprise environments that employ multi-factor authentication using a singular approach. My question is, are there any systems out there that can provide a single MFA interface that…
spinon
- 101
- 2
0
votes
1 answer
RHEL 7 google-authenticator publickey only with optional MFA
I am trying to setup MFA on RHEL 7 and running into a chicken and egg problem. If I enable MFA in pam you can't login to setup your .google-authenticator file. I understand that the nullok option in pam should allow this to work and pass through…
MFG
- 1
- 1
0
votes
0 answers
Google Authenticator on Nginx
I built Nginx with ngx_http_auth_pam_module and edited Nginx configurations and /etc/pam.d/nginx like this
Part of virtual host setting
location / {
root /projects/admin;
index index.html index.htm;
auth_pam "Google Authenticator Code…
CodingBear
- 3
- 5