Recent Posts
Public TOR IPv6 Only Gateway
These days, I feel like TOR is really getting pushed as only a method for anonymous internet browsing, almost entirely focused on HTTP. However, TOR hidden services are really neat. They are the opposite of the client use case of TOR and are for server anonymity. The problem with TOR hidden services is that they require clients to run the TOR software to view them at all. Worse, connecting to any service besides HTTP requires jumping over some significant hurdles. The client-side configuration for visiting hidden services is actually harder than the server-side configuration.
Two factor for SSH, revisited
There are a great many guides that use Google authentication as a two factor source for SSH, and this is fine for one-off servers where you are the one and only admin of that server. However, there are several problems for multi-server and/or multi-user environments. Let’s review these problems, get a better understanding of two factor auth, and look at some solutions.
Problem 1: The secret key is stored in your user’s home directory on the server. With it, you can generate tokens at any time. This means that if your server gets compromised, the attacker can now generate your one time tokens at will. If you have 10 servers using the same token, the attacker can generate that token for all of them.
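To make Problem 1 concrete, here is an added example (not code from the original post) that implements RFC 6238 TOTP and uses it as an audit: given the contents of one server's secret file, it lists every host in a fleet that would accept a code derived from it. The state file layout (secret on the first line), the host names and the fleet mapping are assumptions constructed for illustration; the first secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 over the 30-second time counter."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def read_secret(state_file_text: str) -> str:
    """Assumed layout: base32 secret on line 1, option lines after it."""
    return state_file_text.splitlines()[0].strip()

def exposed_servers(state_file_text: str, fleet: dict, now: int) -> list:
    """Hosts that would accept a code computed from this one state file."""
    derived = totp(read_secret(state_file_text), now)
    return sorted(
        host for host, secret in fleet.items()
        if hmac.compare_digest(totp(secret, now), derived)
    )

# Constructed sample data. RFC_SECRET is base32 of the RFC 6238 test key
# "12345678901234567890"; OTHER_SECRET is an unrelated demo value.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
OTHER_SECRET = "JBSWY3DPEHPK3PXP"

# Constructed state file as it might sit in a home directory on web1.
STATE_FILE_WEB1 = RFC_SECRET + '\n" RATE_LIMIT 3 30\n" TOTP_AUTH\n'

# Hypothetical fleet: three hosts enrolled with the same secret, one not.
FLEET = {
    "web1": RFC_SECRET,
    "web2": RFC_SECRET,
    "web3": RFC_SECRET,
    "db1": OTHER_SECRET,
}

if __name__ == "__main__":
    now = 59  # RFC 6238 test time, so the output is reproducible
    print("code from server-side file:", totp(read_secret(STATE_FILE_WEB1), now))
    print("hosts exposed by that one file:", exposed_servers(STATE_FILE_WEB1, FLEET, now))
```

The code computed from the server-side file is the same one the phone app would show, because TOTP is symmetric: the verifier holds everything needed to produce the token.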