ethereum-node
FR: connect to servers with 2FA enabled
Solo staker here, followed good practices (as suggested on CoinCashew btw) and enabled Google Authenticator 2FA to connect via ssh: libpam-google-authenticator
We hopefully finally tackle this, because it would be nice to have.
This tutorial gives a basic overview of how to set up 2FA with a remote server. https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-18-04
To support this option in Stereum we were thinking about the following flow:
The Google will be integrated as an additional installable service:
Once installed the modal will be available on the top, revealing, when clicked, the following options:
The options presented here are:
- To set up a completely new 2FA
- To import an existing back-up of your secret key via the .google-authenticator file
When generating a new 2FA, before the key is able to be generated, the user has to decide if they want to use a time-based token (which is recommended).
Clicking the "Generate Key" button leads to the next step
After generating the new secret key, the user continues to the modal above.
Here the user should back up his secret key (which can be later used for importing it in the first step).
Below it the user is able to connect his Google Authenticator via the QR & should write down all the secrets presented. This includes a secret key, a verification code & the scratch codes necessary to regain the ability to authenticate themselves.
Before the user can continue he has to check the "Confirm that you successfully set up the Google Authenticator!" box to make sure he doesn't lock himself out of his own remote server (lol).
Clicking the button writes the key and options to the .google_authenticator file. If the user closes it, the program quits and nothing is written, which means the authenticator won’t work.
Now having actually set up the 2FA, the user is able to modify some options. Here there are also recommended options, which are shown above. Having configured this, the user is now completely finished with the setup process.
From there onwards, the modal above is what greets the user whenever he clicks the symbol in the header.
Here the user is again presented with two options:
- Change the configuration (as in the step before)
- OR delete the 2FA authentication, confirming it by clicking the button again.
After this setup, as soon as the user logs in...
... they will be presented with the following modal:
Where they will have to enter the OTP generated by the Authenticator.
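As an added illustration of the setup flow described above (not code from Stereum or from this thread), the Python sketch below generates a secret and scratch codes, renders them in the layout google-authenticator uses for its secret file, and checks a first OTP so the file is only written once the user has proven the authenticator works. The function names, option values and scratch-code count are assumptions.

```python
import base64, hashlib, hmac, secrets, struct

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the scheme authenticator apps use."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32, candidate, at, window=1, step=30):
    """Accept the current step and `window` neighbours to tolerate clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, at + drift * step, step)
        # Constant-time compare; keep looping so timing does not leak the match.
        ok |= hmac.compare_digest(expected.encode(), candidate.encode())
    return ok

def new_enrollment(scratch_count=5):
    """Fresh 160-bit secret plus 8-digit one-time scratch codes (count assumed)."""
    secret = base64.b32encode(secrets.token_bytes(20)).decode().rstrip("=")
    scratch = [str(secrets.randbelow(90_000_000) + 10_000_000)
               for _ in range(scratch_count)]
    return secret, scratch

def render_secret_file(secret_b32, scratch_codes, time_based=True):
    """Secret on line 1, quoted option lines, then scratch codes.
    Option values here are assumed defaults, not Stereum's choices."""
    lines = [secret_b32, '" RATE_LIMIT 3 30', '" WINDOW_SIZE 3', '" DISALLOW_REUSE']
    lines.append('" TOTP_AUTH' if time_based else '" HOTP_COUNTER 1')
    return "\n".join(lines + list(scratch_codes)) + "\n"

def confirm_and_render(secret_b32, scratch_codes, user_code, now):
    """Return file content only if the user's first OTP verifies, else None,
    so a mis-scanned QR code cannot lock the user out of the server."""
    if not verify(secret_b32, user_code, now):
        return None
    return render_secret_file(secret_b32, scratch_codes)

if __name__ == "__main__":
    import time
    secret, scratch = new_enrollment()
    code = totp(secret, time.time())             # stands in for the phone app
    print(confirm_and_render(secret, scratch, code, time.time()))
```

The rendered content should be written to the user's home directory on the server with owner-only permissions, since anyone who can read the secret can generate valid codes.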
Having discussed with @PatrickRL. Will make slight adaptions to the setup process. Instead of having to add a service we decided to just make it part of Stereum.
2FA will join as an extra tab in the server management
Having to save the backup:
Having to confirm that the setup was successful:
niceeeeeeee