[slightly OT?] TOTP gateway for any service on any server

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[slightly OT?] TOTP gateway for any service on any server

Sitaram Chamarty
Hi all,

I've just created a general purpose TOTP "gatekeeper" that is designed
to gate access to any service on any server/OS (as long as traffic can
only go *through* the TOTP gatekeeper).

The inspiration was Konstantin Ryabitsev's implementation of two-factor
authentication for kernel.org -- from which I got the idea of "use TOTP
to whitelist an IP for some time".

I then extended it to protect any TCP port on any server behind the
gatekeeper.  http://gitolite.com/totport/ is the documentation, and the
source is linked there.

I'd welcome any feedback but please be mindful of the fact that deep
discussion may veer way off-topic for the git or gitolite mailing lists,
although I hope I won't get flak for *this* email :-)

sitaram
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Reply | Threaded
Open this post in threaded view
|

Re: [gitolite] [slightly OT?] TOTP gateway for any service on any server

Andrew Latham
Sitaram

Looks good and can be very useful. I can even image some edge cases of
using this in automation. Will have to find the time to test this.

On Sat, Sep 20, 2014 at 8:50 AM, Sitaram Chamarty <[hidden email]> wrote:

> Hi all,
>
> I've just created a general purpose TOTP "gatekeeper" that is designed
> to gate access to any service on any server/OS (as long as traffic can
> only go *through* the TOTP gatekeeper).
>
> The inspiration was Konstantin Ryabitsev's implementation of two-factor
> authentication for kernel.org -- from which I got the idea of "use TOTP
> to whitelist an IP for some time".
>
> I then extended it to protect any TCP port on any server behind the
> gatekeeper.  http://gitolite.com/totport/ is the documentation, and the
> source is linked there.
>
> I'd welcome any feedback but please be mindful of the fact that deep
> discussion may veer way off-topic for the git or gitolite mailing lists,
> although I hope I won't get flak for *this* email :-)
>
> sitaram
>
> --
> You received this message because you are subscribed to the Google Groups "gitolite" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
> For more options, visit https://groups.google.com/d/optout.



--
~ Andrew "lathama" Latham [hidden email] http://lathama.net ~
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html