Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?
-
For the common of mortal libpam-google-authenticator allow you to request a OTP for your SSH connection. (more info)
Since nothing is bullet proof and security work by layer, I tough it might worth it to add a layer on this precious access.
What do you think ?
-
I think this can be installed manually by the admin on the underlying OS.
I do think it's valuable, but I believe it should be kept separate from cloudron and installed by itself on the side, a bit like Fail2ban is today. It could however be mentioned in the docs, again like fail2ban ( https://cloudron.io/documentation/security/#fail2ban )
-
@mehdi said in Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?:
again like fail2ban ( https://cloudron.io/documentation/security/#fail2ban )
LOL! I thought Fail2Ban was installed by default and every containers, or at least few, where interacting with it, not to mention it again but MailCow run fail2ban by default as a container to protect SOGo and the entire Mail Stack.
-
@girish said in Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?:
I have added a section here to follow this DO guide
thanks for your consideration
BTW I tried to update (PR) the ipset part of the doc since maxmind change their licensing and this command don't work anymorewget http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip