Hey guys, has anyone ever set up 2FA for either RDP or SSH? working on getting my server to be safe to be globally exposed, its been local-only since i started infosec stuff. 2FA for RDP seems to be a necessity. (cc @NerdPyle you know windows server things right?)
You can implement a simple form of 2FA by setting up sshd to require *both* a public key *and* a password. It's what I use for my more secure boxes. Working on a solution for "proper" sane 2FA (U2F)...
-
-
I'd rather get something TOTP/OpenAuth based immediately than go for that immediately. It's a good solution but I figure considering recent events it might be best to overdesign. I'm leaning towards Duo for RDP (since that'll just be for vm host admin stuff, so its free)...
-
...and then either using google's openauth implementation + public key for ssh auth, or making users buy a yubikey and do yubikey + public key for ssh auth. Prolly overkill, but considering recent events I'm going to be going overboard re: opsec for a while.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.