[bitfolk] Please test two-factor authentication

Author: Andy Smith
Date:  
To: users
Subject: [bitfolk] Please test two-factor authentication

gpg: Signature made Thu May 5 08:22:16 2016 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hi,

Implementing two-factor authentication has long been a requested
feature:

    https://tools.bitfolk.com/redmine/issues/117


I have implemented it on the panel test site at
https://testpanel.bitfolk.com and would really appreciate if those
who are interested in 2FA would give it a go to see if it works how
you want/expect.

The test site is currently pointed at the real database so changes
you make will be for real, although the real panel site does not
have 2FA deployed so you cannot lock yourself out of anything
important. I will purge all TOTP keys and set everyone back to
having TOTP disabled before it goes live.

If you have any comments then adding them to the feature tracker
(link above) would be appreciated.

Note that 2FA on the web panel is pretty pointless without also
having 2FA or similar on the SSH to Xen Shell. I am as yet undecided
about where to go with that (only that it needs to go somewhere). I
don't know whether it's acceptable to just have an option to restrict
it to SSH key auth only, or if the same 2FA should be used there
(there is a PAM module for TOTP 2FA:
https://packages.debian.org/jessie/libpam-google-authenticator)

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting