Linux Token Auth One-time password authentication


http://netkiller.github.io/journal/token.html

Mr. Neo Chen (Netkiller), Chen Jingfeng (bg7nyt)



Mr.had Cheung Jian , Android Mobile development



Copyright http://netkiller.github.io

Copyright notice

To reprint, please contact the author, and be sure to indicate the original source of the article, the author's information and this statement.

Document source:
http://netkiller.github.io
http://netkiller.sourceforge.net


2014-08-01

Summary

Server-side script:

https://github.com/oscm/devops/blob/master/bin/chpasswd.sh

Mobile app:

https://github.com/oscm/Token


Directory

    • 1. What is token

    • 2. Why use Tokens

    • 3. When can I use the token technology?

    • 4. Where is the token application in this article?

    • 5. Who will deploy

    • 6. Mobile-side configuration

      • 6.1. Set the password

      • 6.2. View the server password

      • 6.3. Set the Refresh Time

1. What is token

A token is an identity credential. It has one further property: an expiration time. In other words, a token is only valid for a short period.

2. Why use Tokens

We often need identity authentication that is temporary or for one-time use.

3. When can I use the token technology?

For example, we go to a restaurant, get a WiFi code from the front desk, and then enjoy a 30-minute Internet service. The password will expire after 30 minutes.

Our company has a lot of servers, and password management is very troublesome. Whenever there is a personnel change, the passwords on all servers have to be changed, and occasionally a password leaks and has to be changed as well. A bastion host manages passwords better, but it is very expensive.

So I thought about token technology, but buying token hardware costs a lot of money. I understand the principle of a token well: both sides use a symmetric algorithm to compute the same key. We do not have to buy hardware devices; we can develop our own. A mobile phone is always carried, so developing a mobile version of the token is the best option.

4. Where is the token application in this article?

I use token technology to change the password of a designated Linux user periodically. The password is derived from the time, and the mobile phone computes the same password as the server in sync. To prevent the password from being found by exhaustive search, I added 4 interfering characters.

If you are not confident in the strength of the algorithm, you can increase the complexity yourself.

You can also change the password remotely; I will not go into that here.

5. Who will deploy

First, the administrator deploys the password-changing script chpasswd.sh and then adds it to crontab so that it runs periodically.

Because readers' skill levels vary, I wrote it in shell so that most readers can follow it.

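    # cat chpasswd.sh
    #!/bin/bash
    # Unused in this script: timestamp and notification address.
    datetime=`date +%Y-%m-%d" "%H":"%M`
    email="[email protected]"
    #password=$(cat /dev/urandom | tr -cd [:alnum:] | fold -w30 | head -n 1)
    # Build the time string in UTC, with the four arguments as interference characters.
    string=$(date -u "+%Y$1%m$2%d$3%H$4%M")
    # Derive the password from the MD5 of that string.
    password=$(echo $string | md5sum | cut -c 2-9 | base64 | tr -d "=" | cut -c 1-32)
    # Keep a copy of the current password, then set it for user www.
    echo $password > ~/.lastpasswd
    echo $password | passwd www --stdin > /dev/null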

The last password is saved in ~/.lastpasswd.

Crontab settings: change the password once per minute.

    # crontab -l
    */1 * * * * /root/chpasswd.sh a b c D

The values a b c D are chosen by you; they only have to be the same as the settings on the mobile phone.

This completes the server-side configuration.
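The following is an added example, not part of the original article or of the oscm scripts: a reference derivation that reproduces the chpasswd.sh password for any given minute, plus a check that tells a clock offset between phone and server apart from mismatched interference characters. It assumes GNU date, a four-digit year in the time string, and the hypothetical function names token_at and token_drift.

```shell
#!/bin/sh
# Added example: reference derivation for the chpasswd.sh scheme.
# Requires GNU date (-d "@EPOCH"), md5sum and base64 from coreutils.

# token_at EPOCH S1 S2 S3 S4
# Prints the password for the UTC minute that contains EPOCH.
# S1..S4 are the four interference strings, the only secret in the scheme.
token_at() {
    epoch=$1; s1=$2; s2=$3; s3=$4; s4=$5
    # Same layout as the script: year S1 month S2 day S3 hour S4 minute.
    # A '%' inside a salt would be read by date as a format directive.
    string=$(date -u -d "@$epoch" "+%Y${s1}%m${s2}%d${s3}%H${s4}%M")
    # 8 hex characters (32 bits of the MD5) plus a newline, base64-encoded:
    # always 12 characters long, but never more than 2^32 distinct values.
    echo "$string" | md5sum | cut -c 2-9 | base64 | tr -d "="
}

# token_drift CANDIDATE S1 S2 S3 S4 [NOW]
# Prints the minute offset (-2..2) at which the server would have produced
# CANDIDATE. Returns 1 if nothing matches, which means the salts differ or
# the clocks are more than two minutes apart.
token_drift() {
    candidate=$1; now=${6:-$(date -u +%s)}
    for off in 0 -1 1 -2 2; do
        if [ "$candidate" = "$(token_at $((now + off * 60)) "$2" "$3" "$4" "$5")" ]; then
            echo "$off"
            return 0
        fi
    done
    return 1
}

# Usage: ./token_check.sh CANDIDATE S1 S2 S3 S4
if [ "$#" -eq 5 ]; then
    token_drift "$@" || echo "no match: check the interference characters"
fi
```

An offset other than 0 points to clock skew between phone and server rather than a configuration error.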

6. Mobile-side configuration

Install the token.apk file on your phone:

https://github.com/oscm/Token

6.1. Set the password

Confirm Password


Select environment


Set the interference code

6.2. View the server password
6.3. Set the Refresh Time

The default refresh interval is 1 minute; the password may be updated before you have finished entering it.

If you change this setting, change the crontab setting on the server to match.
