With passwords becoming inherently insecure nowadays, I decided to add an extra layer of security by using the Textlocal One-Time Password API (it's so new I haven't been able to get it documented yet).
One-Time Passwords are unique codes sent to a trusted mobile device. The code the user enters is then checked, and access is allowed or denied based on the response.
This is pretty awesome considering the code cannot be guessed, expires after 24 hours, can only be used once, and is separate from the service which is requiring the authentication.
Like I said, I decided to add One-Time Passwords to my Linux server. To do this, I added the following code to the bottom of my user's (my user, since no other users have SSH access)
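```bash
# Textlocal request parameters (replace the ** placeholders as listed below)
tlrequest="username=**EMAIL**&password=**PASS**&numbers=**NUMBER**&message=SSH%20OTP%20is&sender=SSH-OTP"

# Log out if the prompt is interrupted with Ctrl-C
trap logout INT

# Send the one-time password to the phone
curl -s -d "$tlrequest" http://api.txtlocal.com/otp_send >/dev/null 2>&1

echo "A One-time password has been sent to your device. Please enter it below followed by [enter]:"
read -r otp

# Ask Textlocal whether the entered code is valid; keep the response body in
# $check and discard only curl's error output
check=$(curl -s "http://api.txtlocal.com/otp_challenge/?username=**EMAIL**&password=**PASS**&numbers=**NUMBER**&code=$otp" 2>/dev/null)

if [[ $check == *uccess* ]]; then
    echo "OTP Validated."
else
    echo "OTP Invalid. Disconnecting."
    logout
fi
```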
To make the code work, you will need:
1. A Textlocal account
2. Change **EMAIL** to your email address
3. Change **PASS** to your Textlocal password or hash
4. Change **NUMBER** to your mobile number (e.g. 447000000000)
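A stricter version of the challenge step, as an added example that is not part of the original post: it rejects anything that is not a short run of digits before any request is made, URL-encodes the value, and denies access when the request fails. The function names and the 4-8 digit length are assumptions; the endpoint, parameters and the `*uccess*` match are the ones used in the post.

```bash
# Added example: hardened OTP challenge for the login hook above.
# Assumption: codes are 4-8 digits; adjust to what Textlocal actually sends.

# Query the otp_challenge endpoint from the post. --data-urlencode keeps the
# typed value from altering the query string; --fail and --max-time turn HTTP
# errors and hangs into a non-zero exit so the caller can deny access.
otp_fetch() {
    curl -s --fail --max-time 10 -G \
        --data-urlencode "username=**EMAIL**" \
        --data-urlencode "password=**PASS**" \
        --data-urlencode "numbers=**NUMBER**" \
        --data-urlencode "code=$1" \
        "http://api.txtlocal.com/otp_challenge/"
}

# Accept only well-formed codes: digits only, assumed length 4 to 8.
otp_is_wellformed() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -ge 4 ] && [ "${#1}" -le 8 ]
}

# otp_gate CODE [FETCH_FUNCTION]
# Returns 0 only when the code is well-formed, the request succeeded, and the
# response passes the same *uccess* match the post uses. FETCH_FUNCTION
# defaults to otp_fetch and can be replaced with a stub for offline testing.
otp_gate() {
    otp_is_wellformed "$1" || return 1
    otp_response=$("${2:-otp_fetch}" "$1") || return 1   # request failed: deny
    case $otp_response in
        *uccess*) return 0 ;;
        *)        return 1 ;;
    esac
}

# In the login hook, after reading the code into $otp:
#   otp_gate "$otp" || logout
```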