Rich Freeman on 26 Jul 2017 15:44:46 -0700


Re: [PLUG] SSH Hardening : Request for Best Practices


On Wed, Jul 26, 2017 at 6:33 PM, Rich Kulawiec <rsk@gsp.org> wrote:
> On Wed, Jul 26, 2017 at 12:05:16PM -0400, K.S. Bhaskar wrote:
>> Since it is pretty straightforward to set up ssh with 2FA with Google
>> authenticator (
>> https://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication)
>> or Authy (https://github.com/authy/authy-ssh), why would one not use the
>> additional security 2FA provides?
>
> Unless I'm mistaken, this requires a smartphone in order to run
> the relevant app.  (If I'm mistaken, I apologize.)  That's a
> dealbreaker for me: smartphones are just another component of the
> world's most widely distributed dumpster fire, aka the IoT.

It needs something that implements RFC 6238.  A smartphone app is the
most common implementation but any conforming TOTP generator will
work.

Sure, smartphones aren't ideal, but it is an additional layer of
defense.  Adding it doesn't increase your risk of compromise at all.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
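
The reply above notes that any conforming RFC 6238 generator will work. As an added example (not part of the original message or of any project mentioned in the thread), this standard-library Python generator and server-side check show that the algorithm needs only an HMAC and a clock. The function names and the one-step drift window in `verify` are assumptions, and the key is the published RFC test key rather than a real secret.

```python
# Added example: RFC 6238 TOTP with only the Python standard library.
import base64
import hmac
import struct
import time

# Constructed sample: the published RFC 4226/6238 SHA-1 test key, not a real secret.
RFC_TEST_KEY = b"12345678901234567890"


def hotp(key, counter, digits=6, algo="sha1"):
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamically truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks the 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, now=None, step=30, digits=6, algo="sha1"):
    """RFC 6238: HOTP over the count of `step`-second intervals since the Unix epoch."""
    now = time.time() if now is None else now
    return hotp(key, int(now) // step, digits, algo)


def decode_secret(b32):
    """Decode a base32 enrollment secret; tolerate spaces, lowercase, missing padding."""
    s = b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def verify(key, candidate, now=None, window=1, step=30, digits=6):
    """Server-side check accepting +/- `window` steps of clock drift (assumed policy)."""
    now = time.time() if now is None else now
    counter = int(now) // step
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue  # no time steps exist before the epoch
        expected = hotp(key, counter + drift, digits)
        # Constant-time compare; keep looping so timing does not reveal which step matched.
        ok |= hmac.compare_digest(expected.encode(), candidate.encode())
    return ok


if __name__ == "__main__":
    print("current code:", totp(RFC_TEST_KEY))
```

The secret is the only thing the generator holds, so whichever device runs this code needs the same protection a private key would get.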