Two-factor Authentication for SSH

Transcript

1. Duo: Security Two-factor authentication for SSH By: Mathew Peterson September

   13th, 2012

2. whoami Mathew Peterson 22 years old, father of 2. PHP

   developer over 6 years Work at Challama.com as a devop Linux Administrator

3. man two-factor authentication Something you know Password Something you have

   Token Or, something you are Biometrics

4. But passwords are cool ...mmmkay? Private things require a username

   and password Passwords suck. stolen / cracked / phished / guessed / bought / keylogged / sniffed / captured / leaked

5. SSH But, I use SSH keys! They store private keys

   with out passphrase They store them in stupid places Some admins do not turn off plain password login

6. Duo: Security Free (up to 10 users) Easy to set

   up http:/ /www.duosecurity.com

7. Text Features

8. How it works

9. What do I need to do? Download & compile open

   source program Input your keys and api hostname Add “ForceCommand” to sshd_conf Enroll your device Profit

10. make && make install $ tar zxf duo_unix-1.9.tar.gz $ cd

    duo_unix-1.9 $ ./configure --prefix=/usr && make && sudo make install

11. vim /etc/duo/ login_duo.conf [duo] ; Duo integration key ikey =

    INTEGRATION_KEY ; Duo secret key skey = SECRET_KEY ; Duo API hostname host = API_HOSTNAME

12. test $ /usr/sbin/login_duo $ /usr/sbin/login_duo echo 'YOU ROCK!'

13. Enable for ssh vim /etc/ssh/sshd_conf ForceCommand /usr/sbin/login_duo PermitTunnel no AllowTcpForwarding

    no

14. In action

15. Other Uses VPN’s Web

16. Resources http:/ /www.duosecurity.com http:/ /en.wikipedia.org/wiki/Two- factor_authentication

17. Contact me Mathew Peterson [email protected] @mathewpeterson http:/ /github.com/mathewpeterson http:/ /www.mathewpeterson.com