Linux Token Auth One-time password authentication

Linux Token Auth One-time password authentication http://netkiller.github.io/journal/token.html Mr.Neo Chen(Netkiller),Chen Jingfeng (bg7nyt)

China Guangdong province Shenzhen Khe Sanh Street, Longhua District, civil Administration
518131
+86 13113668890
+86 755 29812080
<[email protected]>

Mr.had Cheung Jian , Android Mobile development

China Guangdong province Shenzhen South Mt. District

+86 18665871161

<[email protected]>

Copyright © Http://netkiller.github.io

Copyright Notice

Reprint please contact the author, please be sure to indicate the original source of the article and the author's information and this statement.

Document Source: Http://netkiller.github.io Http://netkiller.sourceforge.net

2014-08-01

Summary

Server-side script:

https://github.com/oscm/devops/blob/master/bin/chpasswd.sh

Mobile app:

Https://github.com/oscm/Token

My series of documents

Netkiller Architect Codex	Netkiller Developer Codex	Netkiller PHP Codex	Netkiller Python Codex	Netkiller Testing Codex	Netkiller Cryptography Codex
Netkiller Linux Codex	Netkiller Debian Codex	Netkiller CentOS Codex	Netkiller FreeBSD Codex	Netkiller Shell Codex	Netkiller Security Codex
Netkiller Web Codex	Netkiller Monitoring Codex	Netkiller Storage Codex	Netkiller Mail Codex	Netkiller Docbook Codex	Netkiller Version Codex
Netkiller Database Codex	Netkiller PostgreSQL Codex	Netkiller MySQL Codex	Netkiller NoSQL Codex	Netkiller LDAP Codex	Netkiller Network Codex
Netkiller Cisco IOS Codex	Netkiller H3C Codex	Netkiller Multimedia Codex	Netkiller Perl Codex	Netkiller Amateur Radio Codex	Netkiller DevOps Codex

Directory

• 1. What is token
• 2. Why Use tokens
• 3. When can I use the token technology?
• 4. Where is the token application in this article?
• 5. Who will deploy
• 6. Mobile-side configuration
  • 6.1. Set the password
  • 6.2. View the server password
  • 6.3. Set the refresh Time

1. What is token

Token (token) is an identity identification, token has another feature, that is, there is an expiration time. That is, tokens are not valid for long.

2. Why use Tokens

We usually need a temporary or one-time use of identity authentication

3. When can I use the token technology?

For example, we go to a restaurant, get a WiFi code from the front desk, and then enjoy a 30-minute Internet service. The password will expire after 30 minutes.

Our company has a lot of servers, password management is very troublesome, and sometimes there will be personnel changes, once the personnel changes, all the server password needs to be modified once, very troublesome, occasionally there will be leakage change situation, the use of bastion machine can better manage passwords, but the cost is very expensive.

So I thought about token technology, but it cost a lot of money to buy token hardware. The principle of token I am very clear, through the symmetric algorithm to calculate the same peer key, we can not buy hardware devices, their own development, mobile phone equipment to carry, so the development of mobile version of token is the best.

4. Where is the token application in this article?

I use token technology to achieve the Linux designated user password cycle changes, based on time, mobile phone synchronization to calculate the password on the server. In order to prevent the password from being exhaustive, I added 4 interfering characters.

If you feel insecure about the strength of your cryptographic algorithms, you can modify the complexity yourself.

You can also remotely change the password, not to speak more.

5. Who will deploy

First, the administrator deploys the password modifier chpasswd.sh and then joins to the crontab to run regularly.

Because of the uneven level of readers, I use the shell to do so, so that most of the readers can read it.

# cat chpasswd.sh #!/bin/bashdatetime= ' date +%y-%m-%d ""%H ":"%m ' email= "[email protected]" #password =$ (cat/dev/urandom | TR-CD [: alnum:] | fold-w30 | Head-n 1) string=$ (date-u "+%y$1%m$2%d$3%h$4%m") password=$ (echo $string | md5sum | cut-c 2-9 | base64 | tr-d "=" | cut -c 1-32) echo $password > ~/.lastpasswdecho $password | passwd www--stdin >/dev/null

Save last password in ~/.LASTPASSWD

Crontab settings, change the password once per minute.

# CRONTAB-L*/1 * * * */root/chpasswd.sh a b c D

A b c D self-setting, the same settings as the mobile phone can be

This server-side configuration is complete

6. Mobile-side configuration

Install the token.apk file to your phone

Https://github.com/oscm/Token

6.1. Set the password

Confirm Password

Select environment

Set the interference code

6.2. View the server password 6.3. Set the Refresh Time

Default 1-minute refresh, may not be able to enter the password after the password will be updated

If you modify this, the settings in server-side crontab can be changed synchronously.