Implementation of Multifactor Authentication for the Open SSH Server

Abstract

In this paper, the implementation of multi-factor authentication for the OpenSSH server is presented, using TOTP codes as the second authentication factor. The configuration steps and security analysis during user login to the server are described.

References

1. [1] Stallings, W. (2017). Network Security Essentials: Applications and Standards. 6th ed., Pearson.
2. [2] Schneier, B. (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W.W. Norton & Company.
3. [3] Das, A., Bonneau, J., Caesar, M., Borisov, N., & Wang, X. (2014). The Tangled Web of Password Reuse. NDSS Symposium.
4. [4] Florêncio, D., & Herley, C. (2011). Where Do Security Policies Come From? Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS).
5. [5] O’Gorman, L. (2003). Comparing Passwords, Tokens, and Biometrics for User Authentication. Proceedings of the IEEE, 91(12), 2021–2040.
6. [6] M’Raihi, D., Machani, S., Pei, M., & Rydell, J. (2011). TOTP: Time-Based One-Time Password Algorithm. RFC 6238, IETF.
7. [7] Ylönen, T., & Lonvick, C. (2006). The Secure Shell (SSH) Protocol Architecture. RFC 4251, IETF.
8. [8] Kim, H. & Smith, M. (2019). “Security comparison of Secure Shell (SSH) and predecessor protocols.” Journal of Communication and Computer, 16(6), 262–270
9. [9] Barret, D., Silverman, R., & Byrnes, R. (2012). SSH, The Secure Shell: The Definitive Guide. O'Reilly.
10. [10] Samar, V., & Lai, C. (1996). Pluggable Authentication Modules. Sun Microsystems White Paper.
11. [11] M’Raihi, D., et al. (2011). TOTP: Time-Based One-Time Password Algorithm. RFC 6238.