LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 08-31-2012, 05:25 AM   #1
lifeonatrip
LQ Newbie
 
Registered: Aug 2012
Distribution: Debian
Posts: 14

Rep: Reputation: Disabled
Best 2 factors authentication for SSH and Apache 2.4


Hi All,

I have a high secure environment (PCI DSS Level 1 compliant) based on RHEL 5, I am using Apache as front-end for the application layer and of course SSHd to login into the servers.

My question is:
I need to apply a 2 factors auth for both Apache and SSHd, what is the best solution that can be easily integrated with both systems (trough PAM or some apache module) with less costs and headache?
At the moment we are using RSA tokens in other systems but I don't think it's the best solution and anyway isn't cheap (200$ for a soft token on the smartphone is just too much.)

If you need more informations don't hesitate to ask!

Thanks in advance,
Lifeonatrip
 
Old 08-31-2012, 05:54 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
I found ActivIdentity's activcard solution pretty simple, with a nicer pricing model. It uses direct radius protocols so no special measures required unlike RSA.
 
Old 08-31-2012, 07:43 AM   #3
lifeonatrip
LQ Newbie
 
Registered: Aug 2012
Distribution: Debian
Posts: 14

Original Poster
Rep: Reputation: Disabled
Thanks for the response, I am looking at the website, but practically what are the steps in order to implement the solution?
Buy an appliance or just install the daemon to create the OTPs and integrate it with a client side pam/apache module?
 
Old 08-31-2012, 07:59 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,344

Rep: Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945Reputation: 1945
Well the solution I used was a service on windows, very simple for a proper enterprise viable solution. Are you looking for a more open solution though? have a look at wikid http://www.wikidsystems.com/community-version they have android clients for a price too, although I don't really know much about the technical side of the solution they provide to any useful extent.

http://www.e-things.org/go/?p=19 would also be a good example of a extremely simple solution that might work for you.

Last edited by acid_kewpie; 08-31-2012 at 08:00 AM.
 
1 members found this post helpful.
  


Reply

Tags
apache, apache authentication, authentication, pam, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Is ssh keys authentication more secure than password authentication? GrepAwkSed Linux - Security 6 03-17-2012 08:25 PM
configure ssh authentication using password file and sftp/scp authentication using ld cameliab Linux - Software 1 08-29-2011 03:28 AM
scp without authentication and ssh with authentication? bkcreddy17 Linux - Server 7 10-08-2008 01:33 AM
Help load at 43! What factors does abefroman Linux - Software 2 12-09-2005 02:05 PM
SSH authentication blmack44 Linux - Security 1 12-31-2004 02:13 PM


All times are GMT -5. The time now is 01:41 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration