Port knocking using two-factor authentication
List of commits:
| Subject | Hash | Author | Date (UTC) |
|---|---|---|---|
| Spelling corrections | aaa52f5924c18f691e9475a65c9a2223f2a13e14 | Catalin(ux) M. BOIE | 2018-04-26 19:56:31 |
| Small README update | 3535924e1cda76040cd1309de11fe9a8a0b2e39e | Catalin(ux) M. BOIE | 2018-04-26 19:53:22 |
| Use RAND_bytes instead of getrandom because it is not supported on CentOS7 | 86b71d957f8ca371f04837746c0ac9689306d48e | Catalin(ux) M. BOIE | 2018-04-03 03:49:17 |
| Small stuff dealing with ENOBUFS; doc updated | 17bb2fc3712e1704519d4c4257462e71350dfa93 | Catalin(ux) M. BOIE | 2018-03-23 03:28:39 |
| Add first support for ct marking | 19268d626b40bdd18480cc79fa597aa4bff9c824 | Catalin(ux) M. BOIE | 2018-03-21 17:23:01 |
| More tweakings all around | 0c5961860deadb8bcb1dfd1be429b2966f03312a | Catalin(ux) M. BOIE | 2018-03-11 21:10:32 |
| Added password support | df6d270a3e243084069a31fe980d76c97d89a861 | Catalin(ux) M. BOIE | 2018-02-13 22:46:53 |
| Checkpoint | 049e12584744b8a51bfc5867fd0e7b2db0592deb | Catalin(ux) M. BOIE | 2018-02-11 22:25:13 |
| Fixed a bug in totp, added keys in memory | abec61861e2f37398026dbe7342d7751390e95d8 | Catalin(ux) M. BOIE | 2018-02-04 18:36:12 |
| Initial version | c641fafbd46342cd24fde45129cc3637b7ca65bc | Catalin(ux) M. BOIE | 2018-02-03 23:42:32 |
Commit aaa52f5924c18f691e9475a65c9a2223f2a13e14
- Spelling corrections
Author: Catalin(ux) M. BOIE
Author date (UTC): 2018-04-26 19:56
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2018-04-26 19:56
Parent(s): 3535924e1cda76040cd1309de11fe9a8a0b2e39e
Signing key:
Tree: 85e55cdafdfc3247e6b9cf89c61667e8b7315c24
Author: Catalin(ux) M. BOIE
Author date (UTC): 2018-04-26 19:56
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2018-04-26 19:56
Parent(s): 3535924e1cda76040cd1309de11fe9a8a0b2e39e
Signing key:
Tree: 85e55cdafdfc3247e6b9cf89c61667e8b7315c24
| File | Lines added | Lines deleted |
|---|---|---|
| README | 3 | 3 |
| File README changed (mode: 100644) (index c992367..acff519) | |||
| ... | ... | tokens (6 digit codes). | |
| 35 | 35 | Check below how to setup your firewall. The rules will force control packets | Check below how to setup your firewall. The rules will force control packets |
| 36 | 36 | to hit nf2fa daemon and will trigger the validation. | to hit nf2fa daemon and will trigger the validation. |
| 37 | 37 | On another machine, you will need to run the special ping/nc command to open | On another machine, you will need to run the special ping/nc command to open |
| 38 | the firewall. For this, you will need the password choosed at enroll time and | ||
| 38 | the firewall. For this, you will need the password entered at enroll time and | ||
| 39 | 39 | the 6 digits token. See below the examples. | the 6 digits token. See below the examples. |
| 40 | 40 | Please note that the time must be in sync on both server and mobile device | Please note that the time must be in sync on both server and mobile device |
| 41 | 41 | because the tokens are time dependent. | because the tokens are time dependent. |
| ... | ... | Error: key id not found! | |
| 126 | 126 | $ ping -c1 destination -p aaPP...PPIIIIIICC | $ ping -c1 destination -p aaPP...PPIIIIIICC |
| 127 | 127 | Where: | Where: |
| 128 | 128 | aa is the start of the command (just type two 'a' letters) | aa is the start of the command (just type two 'a' letters) |
| 129 | PP...PP is the password choosed at enrollment phase | ||
| 129 | PP...PP is the password entered at enrollment phase | ||
| 130 | 130 | IIIIII is the 6 digit pin generated by the 2fa application | IIIIII is the 6 digit pin generated by the 2fa application |
| 131 | 131 | CC is the command | CC is the command |
| 132 | 132 | 11 - open firewall | 11 - open firewall |
| ... | ... | PIN="539252" | |
| 145 | 145 | $ ping -c1 172.30.43.4 -p aa${PASSWORD}${PIN}cc | $ ping -c1 172.30.43.4 -p aa${PASSWORD}${PIN}cc |
| 146 | 146 | ||
| 147 | 147 | If an answer is received, the command executed with success. | If an answer is received, the command executed with success. |
| 148 | On timeout, an error occured. | ||
| 148 | On timeout, an error occurred. | ||
| 149 | 149 | ||
| 150 | 150 | Note that you can send any type of packet, not only ICMP. | Note that you can send any type of packet, not only ICMP. |
| 151 | 151 | Here, we will use UDP: | Here, we will use UDP: |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/nf2fa
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/nf2fa
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/nf2fa
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!