% totport -- TOTP anywhere, any service
TOTP ("Time-based One Time Password") is the simplest way of adding "2 factor authentication" to a service. Many online services now offer TOTP as an additional security measure against stolen passwords. Reference links: OTPs are a type of two factor authentication, and TOTPs are a very specific type of OTP.
Sadly, most services are not TOTP enabled, or it requires a fair bit of effort to put a TOTP gate in front of them. (Think various imap servers, database servers, even web servers).
But if you can force all your services to go through one "gatekeeper" server, (for example by telling the applications to accept connections only from the gatekeeper) then that server can use totport and authenticate users with TOTP, and then use ssh port forwarding to enable selective access.
The totp
program which is part of totport
can also be used as a TOTP
backend for any application that can make system() calls. It has a very
simple but powerful API.
The basic idea (of having a validate step making some kind of a backend change to enable the next action) is inspired by Konstantin's recent addition of 2-factor authentication to gitolite. Thanks Konstantin!
The rest of the documentation is at http://gitolite.com/totport.
totport
is copyright Sitaram Chamarty and is licensed under the GPL v2.