From x2go23@noid.net Mon May 16 18:05:29 2016 Received: (at submit) by bugs.x2go.org; 16 May 2016 16:05:32 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 389A95DACF for ; Mon, 16 May 2016 18:05:29 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxbi8nNLAJ6q for ; Mon, 16 May 2016 18:05:22 +0200 (CEST) X-Greylist: delayed 400 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Mon, 16 May 2016 18:05:21 CEST Received: from anoid.noid.net (anoid.noid.net [74.95.194.161]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id D0C8C5DA8E for ; Mon, 16 May 2016 18:05:21 +0200 (CEST) Received: from anoid.noid.net (localhost.noid.net [127.0.0.1]) by anoid.noid.net (GNU) with ESMTP id e5435e03 for ; Mon, 16 May 2016 08:58:40 -0700 (PDT) From: Tor Perkins Date: Mon, 16 May 2016 08:56:28 -0700 Subject: add support for Mobile-OTP (MOTP) tokens To: submit@bugs.x2go.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------1.7.2.5" Message-ID: <20160516155839.D738732B800B@noid.net> X-Mini-Diatribe: To fix America: 1. Cut government in half 2. Wait thirty years 3. Repeat as necessary This is a multi-part message in MIME format. --------------1.7.2.5 Content-Type: text/plain; charset=UTF-8; format=fixed Content-Transfer-Encoding: 8bit Package: x2goclient Version: 4.0.5.2 Tags: patch Hello, There is very nice OTP (One Time Password) algorithm called "Mobile-OTP" (MOTP). Here is a link for more information: http://motp.sourceforge.net/ This small patch extends x2goclient's OTP support to accommodate MOTP. The patch adds a new string ("passcode:") to challenge_auth_code_prompts_[]. It also adds some comments that indicates the source of the various prompt strings in that array. MOTP is a very nice algorithm that is worthy of support for several reasons. It is "free" and "open" and does not rely on a third party infrastructure to operate. It is a Time-based One Time Password (TOTP) algorithm (like OATH can be), with a distinguishing advantage; it does 2FA ("2 Factor Authentication") innately. That is because it requires a 4 digit PIN to be entered every time it is used. The PIN is not stored in the "token" (i.e. smartphone), so a stolen phone does an attacker no good... It is well established and popular. There are many versions of the "token" available (much more than just IOS and Android apps). It is supported by several "backend" systems (like LinOTP). Please refer to the "Links" section on the project page for many more examples... Thanks for your consideration! X2Go rocks! - Tor --------------1.7.2.5 Content-Type: text/x-patch; name="add-support-for-Mobile-OTP-MOTP-tokens.patch" Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="add-support-for-Mobile-OTP-MOTP-tokens.patch" diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp index d85c730..e21ecbb 100644 --- a/src/sshmasterconnection.cpp +++ b/src/sshmasterconnection.cpp @@ -56,8 +56,9 @@ static bool isLibSshInited=false; const QString SshMasterConnection::challenge_auth_code_prompts_[] = { - "Verification code:", - "One-time password (OATH) for" + "Verification code:", // GA (http://github.com/google/google-authenticator) + "One-time password (OATH) for", // OATH (http://www.nongnu.org/oath-toolkit/pam_oath.html) + "passcode:" // MOTP (http://motp.sourceforge.net/pam_mobile_otp-0.6.2.tgz) }; --------------1.7.2.5--