Archive for category Uncategorized
I wanted to use two factor auth combined with ssh keys to restrict access to some of the production machines at work, however this wasn’t entirely straight forward as google authenticator pam module would be entirely bypassed with ssh-keys, and only supports one key per account, (so shared accounts like root would be a problem)
I’ve discovered a lovely little simple tool that lets you work around it ssh-opt
+ You can use a different OATH token for each ssh key!
+ You can choose to not require tokens for some keys, eg. for automated systems
+ You can use it along with google authenticator pam for single password + single token access
+ You can install it on machines you don’t have root access to
– It doesn’t support scratch emergency codes or replay protection [yet, it wouldnt be that hard to add]
– It leaks your token key to other users via ps [easily fixable]
– It breaks scp! not sure why yet, it just hangs for me.
Its dead simple to use too, just prefix the key in .ssh/authorized_keys:
command="/usr/bin/ssh-otp OATHTOKEN" ssh-dss AAAAB3...
This error had plagued me for some time, but the chrome plugin worked… so I didnt mind until I updated to a full 64bit OS, and the chrome plugin does not exist for 64bit
Turns out that the plugin was trying to read the firefox preferences but fails on two accounts, it apparently doesnt handle spaces or relative paths..
~/.mozilla/firefox/profiles.ini something like this:
[General] StartWithLastProfile=1 [Profile0] Name=default IsRelative=0 Path=/home/user/.firefox/default/187x6ax2.slt
[General] StartWithLastProfile=1 [Profile0] Name=default IsRelative=1 Path=187x6ax2.slt
ln -s ~/.firefox/default/187x6ax2.slt ~/.mozilla/firefox/
You will need a rooted device to do this!
I’ve obtained more than one android device, and I was looking at installing the google authenticator app on it as well, however, google wanted me to delete my existing key and create a new one if I was going to configure other devices. This means disabling 2 factor authentication, and I’m not sure if that would mean recreating all of my application specific passwords…but I didnt fancy that..
$ adb shell # sqlite3 /data/data/com.google.android.apps.authenticator/databases/databases sqlite> select * from accounts; email@example.com|your2factorkey|0|0 sqlite> .quit #exit
Now open google authenticator on your new device and choose manually add account, put in your email and key as read above. bish bash bosh, done. Validate this is working by running authenticator on both devices, they should have the same id.
If you dont have a rooted device, you will probably just need to disable and re-setup two-factor authentication to discover your new key.
As a side note, I enjoyed discovering the existence of the following packages:
http://code.google.com/p/mod-authn-otp/ – for adding google two factor auth to your webserver, not sure that this supports scratch codes.
http://code.google.com/p/google-authenticator/ – for adding google two factor auth to your linux machine/services, available on debian as libpam-google-authenticator. It has terminal based ascii-art QR-codes, cool! You can probably just update your ~/.google_authenticator with your key you extracted and also manually enter your scratch codes into this file.
RE: Anysharp emails.
You’ve sent me emails promoting the LIMITED AVAILABILITY SPECIAL OFFER anysharp on:
12th Aug 2010
21st Aug 2010
12th Oct 2010
16th Nov 2010
4th Jan 2011
25th Jan 2011
29th Jan 2011
And its always, and currently still is, cheaper direct from the manufacturers site than from you.
Please find a better offer.
Also the submit comment on your site was broken, “error ‘8004020e’ /Scripts/email/sendMail.asp, line 119″ so i posted this on my blog
Low on Space – Phone storage space is getting low.
Its a cursed message on my Android HTC Hero, but there is 16MB free on /data partition! I want my email to sync a bit more and I want to receive text messages and I dont want to delete any apps.
You need to have rooted your android device and have the android sdk installed and debugging enabled on your phone. I might package this recipe up into an apk for easy installation.
The default limit is 10% of free space, i’ve reduced mine to 5%, I don’t know if there are any terrible side effects. As you’ve already rooted your phone you’ve already probably voided your warranty
To reduce from 10% to 5% warning from your “adb shell”:
sqlite3 /data/data/com.android.providers.settings/databases/settings.db insert into secure (name, value) VALUES('sys_storage_threshold_percentage','5'); insert into gservices (name, value) VALUES('sys_storage_threshold_percentage','5'); .quit
Then reboot your phone.
Some firmwares seem to look for the setting in gservices but the latest android source looks like it looks for it in the secure settings, so i’ve included both for good measure.