We challenge you... to respond... then we'll authenticate ya! That's right, we're getting into Challenge Response Authentication. Plus Two-Factor Authentication for SSH using the Google Authenticator, and how not to lock yourself out of your own workstation. All that and more, this time on Hak5!
Challenge Response Authentication
Example of Lame-Ass-Challenge-Response-Authentication
Example of proper Challenge-Response Authentication
Weaknesses in CRA
SSH 2-Factor Authentication via Google Authenticator
Ubuntu 10.04 setup, based on the webbynode guide.
    # Install Google Authenticator PAM module
    $ cd ~
    $ wget http://google-authenticator.googlecode.com/files/libpam-google-authenticator-1.0-source.tar.bz2
    $ tar jxvf libpam-google-authenticator-1.0-source.tar.bz2
    $ cd google-authenticator
    $ sudo make install

    # Edit /etc/ssh/sshd_config and change ChallengeResponseAuthentication to yes

    # Edit /etc/pam.d/sshd and add
    #   auth required pam_google_authenticator.so
    #*** Some guides recommend adding the above line to the /etc/pam.d/common-auth file.
    #*** You'll wish you hadn't if you're testing this on your desktop with gnome/kde/etc ;-)

    # Configure the user account
    $ google-authenticator
    # Follow the URL and scan the barcode from your phone's Google Authenticator app

    # Restart sshd (needs root):
    $ sudo /etc/init.d/ssh restart

    # Log in as normal and you'll be prompted for a verification code in addition to your password
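A check for the three files the steps above touch, as an added example that is not part of the original show notes. The function name `check_2fa` and its return codes are made up for illustration; the file paths and the module name are the ones given in the steps.

```shell
#!/bin/sh
# check_2fa SSHD_CONFIG PAM_SSHD PAM_COMMON_AUTH   (hypothetical helper)
# Returns 0 when SSH two-factor is wired up as in the steps above,
# 1 when a step is missing, 2 when the module is also in common-auth
# (checked last, so 2 takes precedence over 1).
check_2fa() {
    sshd_config=$1 pam_sshd=$2 pam_common=$3 rc=0

    # sshd keywords are case-insensitive and the first occurrence wins.
    # Commented-out lines do not match because "#" is part of field 1.
    cra=$(awk 'tolower($1) == "challengeresponseauthentication" {
                   print tolower($2); exit }' "$sshd_config")
    # This check insists on an explicit "yes" rather than trusting a default.
    if [ "$cra" = "yes" ]; then
        echo "OK   ChallengeResponseAuthentication yes"
    else
        echo "FAIL ChallengeResponseAuthentication is '${cra:-not set}'"; rc=1
    fi

    # An uncommented auth line must load the module in the sshd PAM stack.
    mod='^[[:space:]]*auth[[:space:]]+.*pam_google_authenticator\.so'
    if grep -Eq "$mod" "$pam_sshd"; then
        echo "OK   pam_google_authenticator.so is in the sshd stack"
    else
        echo "FAIL pam_google_authenticator.so is not in the sshd stack"; rc=1
    fi

    # common-auth is shared by other PAM services, so the module there
    # also applies to desktop logins (the lockout the notes warn about).
    if grep -Eq "$mod" "$pam_common"; then
        echo "WARN module is in common-auth: local logins will ask for a code"
        rc=2
    fi
    return $rc
}
```

Run it as `check_2fa /etc/ssh/sshd_config /etc/pam.d/sshd /etc/pam.d/common-auth` before restarting sshd, and keep an existing SSH session open until a fresh login has succeeded.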