Mar 25, 2022

Securing SSH and Wordpress with two factor authentication

How to start saving money

Lorem ipsum dolor sit amet, consectetur adipiscing elit lobortis arcu enim urna adipiscing praesent velit viverra sit semper lorem eu cursus vel hendrerit elementum morbi curabitur etiam nibh justo, lorem aliquet donec sed sit mi dignissim at ante massa mattis.

Neque sodales ut etiam sit amet nisl purus non tellus orci ac auctor
Adipiscing elit ut aliquam purus sit amet viverra suspendisse potent i
Mauris commodo quis imperdiet massa tincidunt nunc pulvinar
Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti

Why it is important to start saving

Vitae congue eu consequat ac felis placerat vestibulum lectus mauris ultrices cursus sit amet dictum sit amet justo donec enim diam porttitor lacus luctus accumsan tortor posuere praesent tristique magna sit amet purus gravida quis blandit turpis.

How much money should I save?

At risus viverra adipiscing at in tellus integer feugiat nisl pretium fusce id velit ut tortor sagittis orci a scelerisque purus semper eget at lectus urna duis convallis. porta nibh venenatis cras sed felis eget neque laoreet suspendisse interdum consectetur libero id faucibus nisl donec pretium vulputate sapien nec sagittis aliquam nunc lobortis mattis aliquam faucibus purus in.

Neque sodales ut etiam sit amet nisl purus non tellus orci ac auctor dolor sit amet
Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti
Mauris commodo quis imperdiet massa tincidunt nunc pulvinar
Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti

What percentege of my income should go to savings?

Nisi quis eleifend quam adipiscing vitae aliquet bibendum enim facilisis gravida neque. Velit euismod in pellentesque massa placerat volutpat lacus laoreet non curabitur gravida odio aenean sed adipiscing diam donec adipiscing tristique risus. amet est placerat in egestas erat imperdiet sed euismod nisi.

“Nisi quis eleifend quam adipiscing vitae aliquet bibendum enim facilisis gravida neque velit euismod in pellentesque massa placerat”

Do you have any comments? Share them with us on social media

Eget lorem dolor sed viverra ipsum nunc aliquet bibendum felis donec et odio pellentesque diam volutpat commodo sed egestas aliquam sem fringilla ut morbi tincidunt augue interdum velit euismod eu tincidunt tortor aliquam nulla facilisi aenean sed adipiscing diam donec adipiscing ut lectus arcu bibendum at varius vel pharetra nibh venenatis cras sed felis eget dolor cosnectur drolo.

I wrote a post about using Google Authenticator for SSH a month ago. After writing this post, I started looking at other solutions in the space for two factor authentication.

Yubikeys are USB based, and require no device drivers. They work with Mac, Linux, or Windows and are priced starting at $25 each. Compared to the security gained -- Yubikeys are inexpensive.If your going to be at the Indiana Linux Fest this coming weekend (March 25-27th 2011), stop by and visit us -- we have extra Yubikeys to spare.

Configuring Wordpress For Two Factor Authentication

Configuring SSH For Two Factor Authentication

Configuring Wordpress for Yubikey Two Factor Authentication

Your PHP installation should have the Hash and Curl libraries enabled, otherwise this plugin won't work.A Yubikey is required.

Create a Yubico ID & API Key.

Download, install and activate the Yubikey plugin for WordPress.

Enter Key ID on the Users -> Profile and Personal options page.

Enter Yubico ID & API key on the Settings -> Yubikey options page.

Your Wordpress installation now has two factor authentication on a per user basis.Further details: http://henrik.schack.dk/yubikey-plugin/

Configuring SSH for Two Factor Authentication

You will need to install pam_yubico from the epel repo, or from source. I prefer the RPM based installation as shown below.Details on installing the epel yum repo can be found on the EPEL page:http://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packagesHere is an example installation based on a CentOS 5 -32bit machine: $ wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm $ sudo rpm -ihv epel-release-5-4.noarch.rpmYou may need to enable the stable repo by editing the epel yum repo file $ sudo vi /etc/yum.repos.d/epel.repo Install the pam_yubico rpm $ sudo yum install pam_yubicoCreate a ‘yubikey’ group: $ sudo groupadd yubikeyAdd a user to this new group that will require Yubikey two factor auth: $ sudo usermod -G yubikey Edit /etc/pam.d/system-auth and add the following two lines to the beginning of the file. The first line is optional, but allows you to selectively allow yubikeys on a per user basis, based on unix groups. auth [success=1 default=ignore] pam_succeed_if.so quiet user notingroup yubikey auth required pam_yubico.so id=16 authfile=/etc/yubikey_mappingsEdit /etc/yubikey_mappings and add the Yubikey Id’s that each user is allowed to use for authentication. You can use multiple Yubikeys for an individual user. username:[your yubikey 12 char id]:[another id]: [another id]: .. usernam2:[your yubikey 12 char id]:[another id]: [another id]: ..Important! You will want to stay logged into the server while you test in another shell. This will allow you to revert if necessary without locking you out.Testing -- It is important to note. The yubikey PAM be default is splitting your password and yubikey ID on a single line when you are prompted for your password. $ ssh username@host username@host’s password: Last login: Mon Mar 21 12:34:56 2011 from 10.12.14.65 [username@host ~]$For further details, check https://github.com/Yubico/yubico-pam