LinuxQuestions.org
Old 02-03-2007, 02:03 AM   #1
Grasshopper
SSH - Two Factor Security Using Cellphone


How do all,

I just had a cool idea for strengthening SSH logins without resorting to key-based logins:

DISCLAIMER: I haven't researched this, nor do I know if someone's had this idea before; I could very well be the last person to think of this, not the first. Not only that, but it could also just be an all-around crappy idea.

Set up SSH to accept password logins. After a successful password login, somehow trap the user/shell and present them with another login. This login would consist of another random password that was just generated on the fly and is sent via text message to a pre-defined cellphone number (maybe even one specific to whichever user you logged in as). After you've received the second, one-off login via cellphone, you enter it and log in.

I was just thinking of a way to allow myself SSH access from various locations to my server without having to carry around my private key and also without going with only password protection.

This really isn't overly bright or unique as plenty of places have instituted similar two-factor authentication systems - I just wouldn't want to have to purchase one of those cool little random number login generators (if you've seen them you know what I mean).

Anyhow, what does LQ think? Do-able? Already done? Poor idea?

Enjoy
 
Old 02-03-2007, 02:11 AM   #2
acid_kewpie
Yeah, it's doable. You can run it at a simple level, I guess, by having one user's login shell be an su or ssh (locally or remote) or similar, so you log in to one user account and then directly get sent to another login. The OTP could be sorted with chpasswd, I guess... all scriptable at a basic level, but it might benefit from a more dedicated coding project.

This is a scenario already in use by various systems, but I've only seen it as a backup for more conventional key fob things. So yeah... give it a go, I'd say.
 
Old 02-03-2007, 11:59 PM   #3
Sertys
I can recall a discussion about such a two-way auth scheme, and one of the milestones was about cell networks' productivity/durability/availability. If you've got yourself a dedicated SMS gateway, where the provider guarantees your successful SMS delivery - that's fine. If you're using web/online SMS sending - I wouldn't rely too much on that...
 
Old 02-04-2007, 03:31 AM   #4
acid_kewpie
And of course the other day I had an SMS take 4 hours to get through...
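
The second-login step proposed in post #1, with a validity window that covers the late-SMS case raised in the replies, written in Python as an added example (not code from any poster in this thread). `send_sms` is a hypothetical hook for whatever SMS gateway is used, and the 5-minute lifetime and 3-attempt limit are assumed policy values.

```python
import hmac
import secrets
import time

CODE_TTL = 300     # seconds a code stays valid (assumed policy value)
MAX_ATTEMPTS = 3   # wrong guesses allowed before the code is discarded (assumed)


class SecondFactor:
    """One-time code challenge to run after the SSH password login succeeds."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms  # hypothetical gateway hook: send_sms(number, text)
        self.clock = clock        # injectable so expiry can be tested
        self.pending = {}         # user -> [code, expiry, attempts_left]

    def challenge(self, user, number):
        # Draw the code from the OS CSPRNG; the random module is predictable.
        code = f"{secrets.randbelow(10**6):06d}"
        # A new challenge replaces any earlier code for the same user.
        self.pending[user] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(number, f"SSH login code: {code}")

    def verify(self, user, attempt):
        entry = self.pending.get(user)
        if entry is None:
            return False
        code, expiry, attempts_left = entry
        if self.clock() > expiry:
            # An SMS that arrives hours late carries a dead code: fail closed
            # and make the user request a fresh challenge.
            del self.pending[user]
            return False
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        ok = hmac.compare_digest(code.encode(), attempt.encode())
        if ok or attempts_left <= 1:
            # Single use on success; discarded after the last allowed miss.
            del self.pending[user]
        else:
            entry[2] = attempts_left - 1
        return ok
```

State is held in memory, so `challenge` and `verify` have to run in the same process, for example the wrapper the user is dropped into right after the password login.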
 
  

