2FA/Multiple: Difference between revisions
imported>Burghardt (Page created: "== Multiple Identities on Linux == When you are getting used to this seconds factor concept described in Shell#2FA you may wish to use it with other services …") |
imported>Ubadm (→Links) |
||
Zeile 79: | Zeile 79: | ||
== Links == |
== Links == |
||
+ | |||
− | [[Category:]] |
||
+ | [[Kategorie:Remote]] |
Current revision as of 25 April 2019, 07:46
Multiple Identities on Linux
Once you are used to the second-factor concept described in Shell#2FA, you may wish to use it with other services too. At this point you have to decide whether you:
- have one single identity shared by several providers
- have several identities = a different one for each service
Of course the latter is recommended. To store these secret files I chose a separate directory in my $HOME: .my-secrets. Call it whatever you want.
Remove all ACLs except the required one.
~$ fs sa -dir .my-secrets -acl web-home none
~$ fs sa -dir .my-secrets -acl ifi-login none
~$ fs sa -dir .my-secrets -acl spamassassin none
~$ fs sa -dir .my-secrets -acl mta none
At the end it should look like:
~$ fs la .my-secrets/
Access list for .my-secrets/ is
Normal rights:
  system:administrators rlidwka
  username rlidwka
  username.system rl
  username@student.uni-goettingen.de rlidwka
  username@top.gwdg.de rlidwka
Copy (do not move) the file you already set up for your university user ID and give it a "better" name:
~$ cp .ifi-login/.google_authenticator .my-secrets/uni-userid
Create other identities by running google-authenticator. It seems this will always create the output file as $HOME/.google_authenticator, so we need to copy (or move) the newly created file to our folder:
~$ google-authenticator
...
~$ cp .google_authenticator .my-secrets/user-at-other-provider
Repeat this step as often as you want :-)
To use one of those identities, run:
~$ oathtool --totp -b "$(head -n 1 ~/.my-secrets/user-at-other-provider)"
111187
You might use a separate terminal window and run this one-liner:
~$ while true; do clear; date; for I in $(ls -A ~/.my-secrets/); do printf "%-24s" "$I"; oathtool --totp -b "$(head -n 1 ~/.my-secrets/"$I")"; done; sleep 2; done
This creates an automatically refreshed output like this:
Di 21. Jun 09:02:10 CEST 2016
uni-userid              690091
user-at-other-provider  965901
You can put this uncomfortably long line into your ~/.bash_aliases
~$ cat .bash_aliases
#
# Show all Time Based OTP defined in ~/.my-secrets/*
#
function mytotp () {
  while :
  do
    clear
    date
    for I in $(ls -A ~/.my-secrets/)
    do
      printf "%-24s" "$I"
      oathtool --totp -b "$(head -n 1 ~/.my-secrets/"$I")"
    done
    sleep 2
  done
}
This file is automatically evaluated ("sourced") during login. To activate it without logging out and back in, run:
~$ . .bash_aliases
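What `oathtool --totp -b` computes from the first line of each file in ~/.my-secrets, as an added Python example that is not part of the original page: it reads the secret from the file itself, so the key is never passed as a command-line argument where other local users could see it in the process list. The function names and the sample file are constructed for illustration; the key is the published RFC 6238 test key.

```python
# Added example (not from the original page): the TOTP calculation behind
# `oathtool --totp -b`, reading the key from the file instead of from argv.
import base64, hashlib, hmac, struct, time
from pathlib import Path

def read_secret(path):
    """Return the raw key from the first line of a google-authenticator file."""
    b32 = Path(path).read_text().splitlines()[0].strip().replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)          # the base32 decoder requires padding
    return base64.b32decode(b32)

def totp(key, now=None, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, 30 s steps and 6 digits."""
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F               # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def all_codes(directory, now=None):
    """Map each identity file name in the directory to its current code."""
    codes = {}
    for entry in sorted(Path(directory).iterdir()):
        if entry.is_file():
            codes[entry.name] = totp(read_secret(entry), now)
    return codes

if __name__ == "__main__":
    import tempfile
    # Constructed sample: RFC 6238 test key "12345678901234567890" in base32,
    # followed by an option line like those google-authenticator writes.
    sample = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ\n" TOTP_AUTH\n'
    with tempfile.TemporaryDirectory() as d:
        Path(d, "uni-userid").write_text(sample)
        for name, code in all_codes(d, now=59).items():
            print(f"{name:<24}{code}")
```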