security

Set up 2FA app for PayPal

March 3, 2018
security

It is becoming common knowledge that you should use two-factor authentication whenever possible. Some services allow the use of TOTP apps on your smartphone, some only want so send you SMS codes .. and others use proprietary tokens.

...

Truncated IPMI Passwords

April 6, 2017
homelab, security

I used KeePassX to generate a new, 24 character password with all character types enabled. This was supposed to replace the default ADMIN/ADMIN combination for IPMI on my ESXi box. So I opened the appropriate page through a browser, navigated to Configuration > Users and modified the ADMIN user.

It happily accepted the new password with no warning whatsoever and I logged out to test it .. oh well .. it didn’t work.

...

Signed Npm Version Bumps

January 14, 2017
security

package.json # For a while now I’ve been using Visual Studio Code for a few JavaScript / TypeScript projects. Most of these projects come with a package.json file, which documents various aspects of the project. A tiny example of such a file: { "name": "foo", "version": "1.2.3", "description": "A packaged foo fooer for fooing foos", "main": "foo.js" } npm version # There’s that interesting property version. ...

OpenSSH + OATH-TOTP

March 24, 2016
linux, openssh, security

I dug a little further after my last post and stumbled upon this excellent blog post. It turns out that using the libpam-oath module for two-factor authentication is a lot easier than the challenge-response module and it works rather fabulously. I will document the steps I took here. Again, all credit goes to the author of that blog post above - I mainly followed his explanations and links. What we are going to do # We want to enable two-factor authentication when logging in via ssh. ...

OpenSSH + YubiKey HMAC-SHA1 challenge-response

March 23, 2016
linux, openssh, security

First off: this does not work as I wanted it to work .. it has some interesting implications though. The idea # I am using a YubiKey NEO for various things. It holds my PGP keys in its secure element and has the YubiKey slots configured to use HMAC-SHA1 challenge response and static password. You can for example unlock your KeePass(X) database using OATH-HOTP or the challenge-response mechanism. The idea was to use the PAM module in its challenge-response mode for authentication during SSH logins. ...