[Labs-l] 2-factor shell auth (was: second attempt to request alternative login server)

Jeremy Baron jeremy at tuxmachine.com
Wed Mar 6 18:40:52 UTC 2013


On Wed, Mar 6, 2013 at 6:19 PM, Matthew Walker <mwalker at wikimedia.org> wrote:
>> [removed garbage about password auth being wonderful...]
>
> I don't feel passwords are any more or less secure than keys. In some cases
> keys can be even less secure if you're doing agent forwarding.

Well, that just means that keys may give a false sense of security. SSH
auth by key should almost never be less secure than auth by cleartext
password. (There are some exceptions, like the vulnerable Debian keys a
few years ago. But even in that case you need a key of some sort to
authenticate the server's side, and that key could just as easily have
been made on a broken SSH implementation as could your personal key,
AIUI. Anyway, you're always worse off with password auth than pubkeys
unless you're really careful with passwords and careless with keys.)

> This being said -- we have two factor auth available on labsconsole; I'd
> love it if two factor auth was also enabled by request for shells. I've done
> this on personal servers of mine using google's solution [1]. I don't think
> it would be too hard to implement on labs when time is available -- it's
> controlled by a file in the home directory (which might be able to be moved,
> haven't looked deeply.)

I don't see any reason someone couldn't implement that now. Just need
an instance to play with, no special perms. Once it's working and
puppetized, then it could be an option for everyone (per project or
per instance), but IMHO it should not be enabled across the board. The
default should be 1-factor. (At least not with the Google auth way;
maybe I'd have a different opinion on another scheme.)

-Jeremy
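As an added illustration of the setup Matthew and Jeremy are discussing (this is not code from the thread or from Wikimedia Labs), the fragments below show what "two-factor by request for shells" with the Google Authenticator PAM module looks like in practice: public-key auth stays mandatory, the TOTP prompt is added through PAM, and users who have not enrolled (no secret file) are let through on the key alone via `nullok`, which is what makes it opt-in. The `check_2fa_config` function audits an `sshd_config` and a `pam.d/sshd` file for the directives that must all be present for the scheme to actually enforce both factors; forgetting `AuthenticationMethods` is the classic mistake, because then PAM's OTP prompt replaces the key check instead of complementing it. File paths are assumptions; the `secret=` module option for relocating the per-user file out of `$HOME` is the module's documented option, but the directory shown for it is a placeholder.

```shell
#!/bin/sh
# Added example, not from the Labs-l thread. Assumes OpenSSH with UsePAM and
# the google-authenticator PAM module (pam_google_authenticator.so) installed.

# PAM line for /etc/pam.d/sshd. "nullok" = users without a secret file are
# not asked for a code, i.e. 2FA is opt-in per user ("enabled by request").
PAM_SSHD_2FA='auth required pam_google_authenticator.so nullok'

# Same line, but with the secret kept outside the user's home directory
# (directory below is a placeholder). The module documents the secret= and
# user= options for exactly this; ${USER} is expanded by the module, not by
# the shell, hence the single quotes.
PAM_SSHD_2FA_RELOCATED='auth required pam_google_authenticator.so nullok secret=/var/lib/2fa/${USER} user=root'

# sshd_config directives. The last one is what makes it two-factor: a key
# AND the keyboard-interactive (PAM/TOTP) exchange are both required.
SSHD_CONFIG_2FA='UsePAM yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive'

# check_2fa_config SSHD_CONFIG PAM_FILE
# Prints each missing/wrong directive and returns 1; returns 0 when all are
# present. sshd honours the FIRST occurrence of a keyword, so that is what
# is compared (case-insensitively). The "Keyword=value" spelling that sshd
# also accepts is not handled here.
check_2fa_config() {
  sshd_cfg=$1; pam_cfg=$2; rc=0
  for want in 'UsePAM yes' 'ChallengeResponseAuthentication yes' \
              'AuthenticationMethods publickey,keyboard-interactive'; do
    key=${want%% *}
    got=$(grep -iE "^[[:space:]]*${key}[[:space:]]" "$sshd_cfg" 2>/dev/null \
          | head -n1 | tr -s '[:space:]' ' ' | sed 's/^ //;s/ $//')
    got_lc=$(printf '%s' "$got" | tr '[:upper:]' '[:lower:]')
    want_lc=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
    if [ "$got_lc" != "$want_lc" ]; then
      echo "$sshd_cfg: want '$want', have '${got:-<unset>}'"; rc=1
    fi
  done
  # Any required/requisite auth entry for the module counts, with or without
  # nullok/secret= options.
  if ! grep -qE '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_google_authenticator\.so' "$pam_cfg" 2>/dev/null; then
    echo "$pam_cfg: missing '$PAM_SSHD_2FA'"; rc=1
  fi
  return $rc
}

# Usage on a real host (paths are the usual Debian/Ubuntu ones, assumed):
#   sh this_script.sh --audit
if [ "${1:-}" = "--audit" ]; then
  check_2fa_config /etc/ssh/sshd_config /etc/pam.d/sshd && echo "2FA config OK"
fi
```

Per-user enrolment is then just the user running the module's `google-authenticator` command, which writes the secret file; until they do, `nullok` keeps their key-only login working, and the Puppet side reduces to managing the two config files above plus the package.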



More information about the Labs-l mailing list