Enable Two-Factor Auth on your VPN. (authy.com)
14 points by danielpal on Oct 31, 2013 | 6 comments



I've been doing this for a while using the Google Authenticator PAM plugin[1]. I use the same module to add two factor authentication to both SSH and OpenVPN connections.

[1] http://code.google.com/p/google-authenticator/


Can you share some "how to" pointers - maybe a blog post describing how to do this?


Real quick and dirty. But you should be able to get it to work from these notes. Be warned, I don't go into how to set up OpenVPN. You can find documentation for OpenVPN at http://openvpn.net/index.php/open-source/documentation/howto...

You'll need to install Google Authenticator on your phone to complete the set-up.

Here are my notes: https://invaliddomain.com/openvpn-google-auth-howto.txt (please excuse the lack of a real SSL cert).

Once enabled, your password becomes <password><OTP> .. e.g. Pa55w0rd!987654

Hope that helps.
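
What a server has to do with the `<password><OTP>` credential described in the comment above, as an added example that is not part of the original post or of the Google Authenticator PAM module's code: split off the trailing six digits, check them as an RFC 6238 TOTP code with a small clock-drift window, and refuse a code whose time step was already accepted. The names `split_credential`, `verify`, `check_password` and `used` are assumptions made for this sketch, and the secret and password are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP, DIGITS = 30, 6  # Google Authenticator defaults: 30 s step, 6 digits

def totp(secret_b32, at):
    """RFC 6238 TOTP with HMAC-SHA1 for the time step containing `at`."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def split_credential(combined):
    """Split '<password><OTP>' into (password, otp); None if malformed."""
    otp = combined[-DIGITS:]
    if len(combined) <= DIGITS or not (otp.isascii() and otp.isdigit()):
        return None
    return combined[:-DIGITS], otp

def verify(combined, check_password, secret_b32, at=None, window=1, used=None):
    """Require both factors; `used` holds accepted time steps to block replay."""
    at = time.time() if at is None else at
    parts = split_credential(combined)
    if parts is None:
        return False
    password, otp = parts
    step_now = int(at) // STEP
    matched = None
    for step in range(max(0, step_now - window), step_now + window + 1):
        if hmac.compare_digest(totp(secret_b32, step * STEP), otp):
            matched = step
    if matched is None or (used is not None and matched in used):
        return False
    if not check_password(password):
        return False
    if used is not None:
        used.add(matched)  # a code is good for one login only
    return True

# Constructed sample data: the RFC 6238 test secret (base32) and the
# example password from the comment above.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def check_password(candidate):
    return hmac.compare_digest(candidate.encode(), b"Pa55w0rd!")
```

Passing a shared `used` set across logins is what stops a captured `<password><OTP>` string from being replayed inside the same 30-second window.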


Better yet, use passwords plus client side certificates. It prevents these scenarios without requiring you to trust a third party with your two-factor authentication tokens.


Or, if you want to do the same thing without trusting the security of your VPN to a third party, and you're willing to do a little more fiddling with configuration files, you can just use libpam-google-authenticator: http://www.howtoforge.com/securing-openvpn-with-a-one-time-p...


You are only trusting half of the security, which is better IMHO. The evil person would need to hack/steal both you and the (likely more careful) third party in order to access your accounts. In your scenario they would only need to hack you to get everything.



