Learn about Centmin Mod LEMP Stack today
Register Now

Security Sysadmin Google Authenticator

Discussion in 'System Administration' started by Jimmy, Feb 6, 2017.

  1. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    4:08 AM
  2. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    6:08 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah leave it to end users as once you loose your phone you'd be in trouble. I use 2 step but i have my GA codes sync'd to 3x phones + 3x tablets :)
     
  3. RB1

    RB1 Active Member

    292
    75
    28
    Nov 11, 2016
    California
    Ratings:
    +122
    Local Time:
    1:08 AM
    Nginx 1.21.x
    MariaDB 10.1.x
    Also an added bonus if GA is linked to your phone number with iMessage...you can also receive authentication codes via Messages app on OS X
     
  4. SFLC

    SFLC Active Member

    223
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:08 AM
    1
    10
    Thats the issue with GA. I had issues when I got a new phone and wiped the old one after forgetting about GA. Took a while to regain access to my accounts. Authy handles this alot better.
     
  5. SFLC

    SFLC Active Member

    223
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:08 AM
    1
    10
  6. SFLC

    SFLC Active Member

    223
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:08 AM
    1
    10
  7. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    6:08 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah Authy does it better.

    This would be be something to look at it next dev release after 123.09beta01 goes stable :)
     
  8. SFLC

    SFLC Active Member

    223
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:08 AM
    1
    10
    I think it's stable :), been using it for a few months now with no issues whatsoever on my end
     
  9. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    6:08 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  10. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    4:08 AM
    I'm unclear why people say about losing their phone and they'd be out of luck - heard that many places. I always copy the security key vs. scanning the qr code. I actually use GAuth Chrome Extension, never used my phone. Even if I delete the chrome extension, as long as I have the security key, I can just enter it again.

    Have to check out the other one posted here.
     
  11. SFLC

    SFLC Active Member

    223
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:08 AM
    1
    10
    You're right, but most people including myself are either too lazy or couldn't be bothered to save the security key or backup codes. Google just needs to add a transfer phones or backup option.
     
  12. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    4:08 AM
    Yea. I did that once and got locked out. From then on, I always wrote it down. ;)
     
  13. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    9:08 AM
    1.9.x
    10.1.x
    [​IMG]

    You have 5 emergency codes. Its good even if you loose your phone.
     
  14. SFLC

    SFLC Active Member

    223
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:08 AM
    1
    10
    nice what repo has google-authenticator in it for centos 7, can't seem to install it, i already have epel and remi
     
  15. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    6:08 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes there is but if you loose those emergency codes ?

    also by default GA on server is set for time based authentication so as that screenshot says, time skew between client and server :)
     
  16. eva2000

    eva2000 Administrator Staff Member

    55,816
    12,275
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,861
    Local Time:
    6:08 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    have to manually install it

    work i did on this 4+ months ago outlined in a gist and tested on centmin mod 123.09beta01 centos 7 local server 2FA for centminmod · GitHub

    also some lines are for ntp test routines to ensure server clock doesn't time drift/skew - some code made it into 123.09beta01 already for ntp tests. Though still weighing up if ntpd is best way to manage time sync for server versus newer alternatives to ntpd like ntpsec and chrony

    could be problematic on openvz systems as ntp isn't used as openvz gets time from openvz host node so if they experiences time skew/drift !
     
  17. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    4:08 AM
    Good to see this thread peak some people's interests. :)

    Security is good.
     
  18. SFLC

    SFLC Active Member

    223
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    10:08 AM
    1
    10
    ya if that't the case i'll hold off on installing it then, i wanted an easy way to remove it if things go sideways
     
  19. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    11:08 AM
    Nginx-1.26.x
    MariaDB 10.6.x
    I like this one also :)
     
  20. Jimmy

    Jimmy Well-Known Member

    1,791
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +991
    Local Time:
    4:08 AM