Skip to content

0x27/twilightpam

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 

Repository files navigation

twilightpam

Python-PAM 2-Factor Authentication using Twilio

WARNING: DO NOT USE THIS IN A PRODUCTION ENVIRONMENT. AT THE MOMENT IT HAS A HABIT OF "FAILING OPEN" IF THE SCRIPT BUGS OUT. WHICH COULD HAPPEN DUE TO REASONS. WILL UPDATE WHEN THIS IS FIXED

What?

After reading the sourcecode for Stampauth by Chokepoint I decided it would be nice to expand it to use the Twilio API to send SMS messages, as the txtdrop solution they were using did not support Ireland. I also had a need to test out the Twilio API for an upcoming project.

Therefore, I simply made this fork of it. All credit for the original idea and code goes to Chokepoint, I simply ported it to use Twilio.

#Setup: First we install the dependencies...

$ sudo apt-get install python-pam
$ pip install twilio

Next we download and install twilightpam

$ git clone https://github.com/0x27/twilightpam.git
$ cd twilightpam
$ sudo cp twilightpam.py /lib/security/

Next edit the "sender", "account_sid", "auth_token" lines in /lib/security/twilightpam.py

Next we configure the sshd config for using this auth.

In /etc/ssh/sshd_config uncomment the following line:

ChallengeResponseAuthentication yes

In /etc/pam.d/sshd locate the section marked with "@include common-auth" and make it look like the entry below.

auth       requisite     pam_python.so twilightpam.py
@include common-auth

You can set a users Office Phone number using the following:

sudo usermod user -c ',,+353851234567,'

Assuming all goes to plan, after you restart sshd, next time you try log in it should send you a SMS message with a one time key for the second factor in authentication.

Bugs

Fails "open" if script bugs out. Am working on fixing this without locking out of box forever.

Licence

Licenced under the WTFPL because I don't give a fuck what you do.