Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use TOTP instead of fixed password #354

Open
stettler opened this issue Nov 1, 2023 · 3 comments
Open

Use TOTP instead of fixed password #354

stettler opened this issue Nov 1, 2023 · 3 comments

Comments

@stettler
Copy link

stettler commented Nov 1, 2023

Hello,
Would it be possible to add TOTP? Instead of configuring the server to accept a fixed password, it would be a lot more secure if fwknopd would accept a TOTP password (no need to change anything to the client).

@e40
Copy link
Contributor

e40 commented Nov 18, 2023

What I do is keep my password in 1Password and use their Homebrew-based CLI to retrieve it and knock via a script.

@stettler
Copy link
Author

But that still a fixed password... What I mean is that instead of setting a fixed "KEY" on the server side and asking for that "KEY" from the client, we could use a time based OTP. That way, the "KEY" would change regularly and there would be no need for a fixed password.

@e40
Copy link
Contributor

e40 commented Nov 19, 2023

But that still a fixed password... What I mean is that instead of setting a fixed "KEY" on the server side and asking for that "KEY" from the client, we could use a time based OTP. That way, the "KEY" would change regularly and there would be no need for a fixed password.

I agree. I didn't say, but I was assuming the feature was desired because storing a password for automatic knocking is insecure. However, I agree, it's a good feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants