[wplug-internet] Two-factor authentication

John Lewis oflameo2 at gmail.com
Wed Feb 11 16:05:04 EST 2015


On 02/11/2015 09:41 AM, Justin Smith wrote:
> Google Authenticator is proprietary software, so I certainly don't 
> recommend using it, but the changes to the sshd config file and PAM file 
> are the same to get PAM to play nice with SSH keys.

What are you taking about Justin? Right now, without any modification to
the PAM file, SSH keys just work.

Two factor authentication is already available to you if you have a
login. You say you can just use a app on your phone to ask for an OTP
password. Can't you use an app on you phone to store your private key?

What exactly got you so worried about being hacked all of a sudden? Why
do we have do this now when we should be worried about making the rest
of the site convent for new members as possible so it is convenient to
join because at the beginning of the year we decided to focus on the
participation problem. Does this address that problem? Did our
participation problem automatically get solved while I was paying
attention to something else?


More information about the wplug-internet mailing list