Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Discuss
  3. Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?

Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?

Scheduled Pinned Locked Moved Discuss
sshauthentication2fa
7 Posts 3 Posters 1.8k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    wrote on last edited by girish
    #1

    For the common of mortal libpam-google-authenticator allow you to request a OTP for your SSH connection. (more info)

    Since nothing is bullet proof and security work by layer, I tough it might worth it to add a layer on this precious access.

    What do you think ?

    1 Reply Last reply
    0
    • mehdiM Offline
      mehdiM Offline
      mehdi
      App Dev
      wrote on last edited by
      #2

      I think this can be installed manually by the admin on the underlying OS.

      I do think it's valuable, but I believe it should be kept separate from cloudron and installed by itself on the side, a bit like Fail2ban is today. It could however be mentioned in the docs, again like fail2ban ( https://cloudron.io/documentation/security/#fail2ban )

      JOduMonTJ 1 Reply Last reply
      1
      • mehdiM mehdi

        I think this can be installed manually by the admin on the underlying OS.

        I do think it's valuable, but I believe it should be kept separate from cloudron and installed by itself on the side, a bit like Fail2ban is today. It could however be mentioned in the docs, again like fail2ban ( https://cloudron.io/documentation/security/#fail2ban )

        JOduMonTJ Offline
        JOduMonTJ Offline
        JOduMonT
        wrote on last edited by
        #3

        @mehdi said in Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?:

        again like fail2ban ( https://cloudron.io/documentation/security/#fail2ban )

        LOL! I thought Fail2Ban was installed by default and every containers, or at least few, where interacting with it, not to mention it again but MailCow run fail2ban by default as a container to protect SOGo and the entire Mail Stack.

        1 Reply Last reply
        0
        • girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #4

          For the moment, I will add it to our docs as @mehdi suggested.

          1 Reply Last reply
          1
          • girishG Offline
            girishG Offline
            girish
            Staff
            wrote on last edited by
            #5

            I have added a section here to follow this DO guide

            JOduMonTJ 1 Reply Last reply
            1
            • girishG girish

              I have added a section here to follow this DO guide

              JOduMonTJ Offline
              JOduMonTJ Offline
              JOduMonT
              wrote on last edited by
              #6

              @girish said in Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?:

              I have added a section here to follow this DO guide

              thanks for your consideration
              BTW I tried to update (PR) the ipset part of the doc since maxmind change their licensing and this command don't work anymore

              wget http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip
              
              1 Reply Last reply
              0
              • girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #7

                @JOduMonT Thanks! merged, should be part of our next deploy.

                1 Reply Last reply
                1
                Reply
                • Reply as topic
                Log in to reply
                • Oldest to Newest
                • Newest to Oldest
                • Most Votes


                • Login

                • Don't have an account? Register

                • Login or register to search.
                • First post
                  Last post
                0
                • Categories
                • Recent
                • Tags
                • Popular
                • Bookmarks
                • Search