Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?

Scheduled Pinned Locked Moved Discuss
sshauthentication2fa
7 Posts 3 Posters 601 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    wrote on last edited by girish
    #1

    For the common of mortal libpam-google-authenticator allow you to request a OTP for your SSH connection. (more info)

    Since nothing is bullet proof and security work by layer, I tough it might worth it to add a layer on this precious access.

    What do you think ?

    1 Reply Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    wrote on last edited by
    #2

    I think this can be installed manually by the admin on the underlying OS.

    I do think it's valuable, but I believe it should be kept separate from cloudron and installed by itself on the side, a bit like Fail2ban is today. It could however be mentioned in the docs, again like fail2ban ( https://cloudron.io/documentation/security/#fail2ban )

    JOduMonTJ 1 Reply Last reply
    1
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    replied to mehdi on last edited by
    #3

    @mehdi said in Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?:

    again like fail2ban ( https://cloudron.io/documentation/security/#fail2ban )

    LOL! I thought Fail2Ban was installed by default and every containers, or at least few, where interacting with it, not to mention it again but MailCow run fail2ban by default as a container to protect SOGo and the entire Mail Stack.

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #4

    For the moment, I will add it to our docs as @mehdi suggested.

    1 Reply Last reply
    1
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #5

    I have added a section here to follow this DO guide

    JOduMonTJ 1 Reply Last reply
    1
  • JOduMonTJ Offline
    JOduMonTJ Offline
    JOduMonT
    replied to girish on last edited by
    #6

    @girish said in Do you know an alternative to libpam-google-authenticator and do you think it should be implemented in Cloudron ?:

    I have added a section here to follow this DO guide

    thanks for your consideration
    BTW I tried to update (PR) the ipset part of the doc since maxmind change their licensing and this command don't work anymore

    wget http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip
    
    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #7

    @JOduMonT Thanks! merged, should be part of our next deploy.

    1 Reply Last reply
    1

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.