Questions tagged [two-factor-authentication]

33 questions
1
vote
1 answer

SSH authentication: (public key xor password) + google authenticator code

I'm using Debian bullseye. I'm trying to set up two types of SSH logins: password + code from Google's Authenticator (if user set it, "nullok" option), public key + code from Google's Authenticator (if user set it, "nullok" option). Type #1 works for…
1
vote
1 answer

MS RRAS + MS VPN Client + Google Authenticator + SecureMFA

I'm running on-premise Windows Server 2019 domain, and Microsoft RRAS to allow remote users access to the local network. Remote users are using the built-in Microsoft VPN SSTP for Windows 10 clients and L2TP for Mac clients. My objective is to…
1
vote
1 answer

Security of a hardware token vs software token for two-factor authentication

Surprisingly I don't see this question on ServerFault already. I'm wondering about the pros and cons of hardware token vs software token for two-factor authentication - only in the context of security, not convenience. I am referring only to the…
ScottStonehouse
0
votes
0 answers

Is using HOTP only authorization considered weak?

I have seen many experts advising usage of some kind of OTP as the second step of 2FA schemes. I fully understand 2FA is more secure than Single Authorization, but it is also more inconvenient for a casual user. We currently have schemes with "strong…
0
votes
2 answers

Security concerns with Microsoft Authenticator App - it can approve requests from locked iPhone?

We're using the Microsoft Authenticator App for providing Multi-factor authentication (MFA) to resources protected by Azure AD. I noticed you can approve a request by swiping the push notification from a locked iPhone screen on iOS and approve a…
0
votes
1 answer

PAM Ignore Password Prompt Upon Successful Login

I have a CentOS 7 server that uses key based authentication for login, along with using Google Authenticator for two-factor authentication. I am wishing to set it up, so that upon a successful login (the user entered the correct code from Google…
0
votes
1 answer

want SSH banner to show up before OTP and password request

We use two-factor authentication for some servers, i.e. OTP (one-time password) token plus password. I want to provide users with some information BEFORE they are asked for their credentials. With single factor authentication this can easily be…
MarkHelms
0
votes
2 answers

Implementing 2-Factor Authentication

My company accesses a third-party website that uses a simple username + password authentication method. This vendor could restrict the application access (website) to a defined IP range. We are trying to implement 2-Factor Authentication to protect…
0
votes
1 answer

Google-2fa: How to recover an account when emergency codes are not available?

There's a server in my company which is configured with Google two-factor authentication. A user from the company has lost his phone and can't find his emergency codes. What can be done in order to recover his account? Is it possible to enforce 2FA…
Itai Ganot
0
votes
1 answer

How to secure AD administration with MFA

I'm evaluating an MFA solution such as Duo or Okta (anyone have an opinion on that?). Adding MFA to web logins is straightforward but I want to add another layer of security to our Active Directory administration. Do any solutions work with…
FredS
0
votes
1 answer

google-authenticator for two-factor-authentication support with openvpn client on linux

I am trying to get openvpn client to work with google-authenticator and two-factor-authentication. I cannot alter the server in any way (i.e. I cannot do password/token concatenation via pam mods, etc). I assume this would require recompiling the…
nandoP
0
votes
0 answers

How can I setup 2FA on non-interactive SSH connections?

I would like to add a level of security for logins to an SSH server (Ubuntu), using two factor authentication. One particularity on how the users connect to the SSH server is that sometimes they do it in a non-interactive way: the SSH server is…
Bruno Pérel
0
votes
1 answer

What are the best ways to implement two-factor authentication for a windows domain?

I have been asked to make our end users use two-factor authentication. I haven't had to do this before. I was wondering what the common practices are to do this nowadays? I am running Windows 10 client side and Windows Server 2019 as my domain…
0
votes
2 answers

GSuite: how to change authenticator device?

I'm GSuite admin for my domains. I have a new phone. How do I get a new QR for Google Authenticator. I've been clicking around and don't see it anywhere.
-1
votes
1 answer

RDP on premises with 2FA on Azure AD

We are looking to implement a two-factor authentication mechanism for our client's Remote Desktop servers (not running on Azure). All my clients have Azure Active Directory, so I thought I could integrate those two systems (RDP and Azure AD) so that…