How to Create High security multifactor authentication

Post by Eek » 11 May 2008, 06:21

Hi

Just wanted to let you all know of a cool way to have high security multifactor authentication using a series of single-use "passcodes".

As many of us like the Bubba for its power and versatility, we also want to be able to connect to it from outside our home network.
SSH/Putty gives us the opportunity to open up our entire home-network from a remote location.
This of course adds to the security risk.
Which is why I created this how-to, to let you all know of a way to implement high security multifactor authentication.
One tip: do not open port 22 in your router for ssh (as hackers are scanning for known port numbers), but choose a random port number.

The information about the High security multifactor authentication using a series of single-use "passcodes" can be found at https://www.grc.com/ppp.htm
Or listen to the podcasts on the subject at http://www.grc.com/securitynow.htm
This how to describes my installation of the PAM module by Thomas Fors (http://code.google.com/p/ppp-pam/)

Note: I installed and tested this on Etch; Sarge should also work.

Packages
Install the packages, using the Debian sources, see Howto install Debian packages [5].

Code:

apt-get install subversion make gcc g++ uuid-dev libpam0g-dev
apt-get install wget

Installation

Code:

$ cd /tmp
$ wget http://ppp-pam.googlecode.com/files/ppp-pam-0.2.tar.gz
$ tar -xvzf ppp-pam-0.2.tar.gz
$ cd ppp-pam/build
$ ../configure
$ make

Test to confirm it builds correctly

Code:

make test

Install the pppauth utility and PAM module in the appropriate folders.

Code:

make install

Configuration
Enable PPP authentication for ssh connections.

Code:

vi /etc/pam.d/ssh

Enter the following line just below: @include common-auth

auth required pam_ppp.so

Make sure you have the following settings in sshd_config

Code:

vi /etc/ssh/sshd_config

ChallengeResponseAuthentication yes
UsePAM yes

Usage
Create a PPP sequence key for your user account you use to login.
This will probably not be root!

Code:

pppauth --key

Generate a passcard. Print or save it.

Code:

pppauth --text --next 1

Try logging in to test it.

Code:

ssh localhost

Have fun
Eek

References
1. https://www.grc.com/ppp.htm
2. http://www.grc.com/ppp/software.htm
3. http://code.google.com/p/ppp-pam/
4. http://code.google.com/p/ppp-pam/wiki/Building
5. http://forum.excito.net/viewtopic.php?t=421
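
An added example, not part of Eek's post or the ppp-pam project: a shell audit of the two files edited under Configuration, run here against constructed sample files. The function names and the sample port 2222 are assumptions of this example; the PubkeyAuthentication warning reflects that OpenSSH key logins do not pass through the PAM auth stack.

```shell
# Added example, not from the original post: audit the files the how-to edits.
# First global value of an sshd_config keyword (sshd uses the first value it
# reads). Simplification: everything from the first "Match" line on is ignored.
sshd_value() {  # $1=file  $2=keyword
    awk -v k="$2" 'BEGIN { k = tolower(k) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == k { print tolower($2); exit }' "$1"
}

# State of the PAM auth stack; only plain control keywords are understood.
pam_state() {  # $1=PAM service file
    awk '/^[ \t]*#/ { next }
        $1 == "@include" && $2 == "common-auth" { inc = 1 }
        $1 == "auth" && $3 == "pam_ppp.so" && !ppp { ppp = 1; ctl = $2 }
        END {
            if (!ppp) print "pam_ppp.so is not in the auth stack"
            else if (ctl != "required" && ctl != "requisite")
                print "pam_ppp.so control is " ctl ", passcode not mandatory"
            else if (!inc) print "common-auth not included, password factor missing"
            else print "ok"
        }' "$1"
}

# Prints FAIL/WARN lines; returns 0 when there is no FAIL.
check_ppp_ssh() {  # $1=PAM service file  $2=sshd_config
    rc=0
    s=$(pam_state "$1")
    [ "$s" = ok ] || { echo "FAIL: $s"; rc=1; }
    cr=$(sshd_value "$2" ChallengeResponseAuthentication)
    # Newer OpenSSH releases call the same option KbdInteractiveAuthentication.
    [ -n "$cr" ] || cr=$(sshd_value "$2" KbdInteractiveAuthentication)
    [ "$cr" = yes ] || { echo "FAIL: ChallengeResponseAuthentication is not yes"; rc=1; }
    [ "$(sshd_value "$2" UsePAM)" = yes ] || { echo "FAIL: UsePAM is not yes"; rc=1; }
    # Public-key logins do not run the PAM auth stack, so they skip the passcode.
    [ "$(sshd_value "$2" PubkeyAuthentication)" = no ] ||
        echo "WARN: PubkeyAuthentication is on; key logins skip pam_ppp"
    port=$(sshd_value "$2" Port)
    [ "${port:-22}" != 22 ] || echo "WARN: sshd listens on default port 22"
    return $rc
}
# Constructed sample files with the how-to edits applied (port 2222 is made up).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '@include common-auth' 'auth required pam_ppp.so' >"$d/ssh"
    printf '%s\n' 'Port 2222' 'ChallengeResponseAuthentication yes' 'UsePAM yes' >"$d/sshd"
    check_ppp_ssh "$d/ssh" "$d/sshd"; r=$?; rm -rf "$d"; return $r
}
demo
```

On the box itself, source the functions and call check_ppp_ssh /etc/pam.d/ssh /etc/ssh/sshd_config after making the edits, while an existing session is still open.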
