LinuxQuestions.org


lifeonatrip 08-31-2012 05:25 AM

Best 2 factors authentication for SSH and Apache 2.4
 
Hi All,

I have a highly secure environment (PCI DSS Level 1 compliant) based on RHEL 5. I am using Apache as the front end for the application layer and of course SSHd to log in to the servers.

My question is:
I need to apply two-factor auth for both Apache and SSHd. What is the best solution that can be easily integrated with both systems (through PAM or some Apache module) with less cost and headache?
At the moment we are using RSA tokens in other systems, but I don't think it's the best solution and anyway it isn't cheap (200$ for a soft token on the smartphone is just too much).

If you need more information, don't hesitate to ask!

Thanks in advance,
Lifeonatrip

acid_kewpie 08-31-2012 05:54 AM

I found ActivIdentity's activcard solution pretty simple, with a nicer pricing model. It uses direct RADIUS protocols, so no special measures are required, unlike RSA.

lifeonatrip 08-31-2012 07:43 AM

Thanks for the response. I am looking at the website, but practically, what are the steps in order to implement the solution?
Buy an appliance, or just install the daemon to create the OTPs and integrate it with a client-side PAM/Apache module?

acid_kewpie 08-31-2012 07:59 AM

Well, the solution I used was a service on Windows, very simple for a proper enterprise-viable solution. Are you looking for a more open solution though? Have a look at WiKID (http://www.wikidsystems.com/community-version). They have Android clients for a price too, although I don't really know much about the technical side of the solution they provide to any useful extent.

http://www.e-things.org/go/?p=19 would also be a good example of an extremely simple solution that might work for you.


All times are GMT -5.