Skip to content
One time password authentication for Windows remote desktop
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Android/RDP_OTP_Client
Windows
README.md Place shortcut in Startup folder instead of executable Aug 13, 2015

README.md

RDP OTP

One time password authentication for Windows remote desktop environments

How does it work?

Everytime you log into your remote desktop environment, your password gets automatically changed. The new password is then encrypted with the public key of a personal RSA key pair. The key pair's only purpose is to be used to send one time passwords with an extra level of safety. Your encrypted password is then encoded as an QR code image. This QR code is uploaded to any FTP, WebDAV or network share of your choice. Then you can access the QR code image with the browser even from untrusted systems. Your smartphone holds the private key of your RSA key pair. It is therefor able to decrypt your one time password from the scanned QR code image. You can read the unencrypted password from the screen of your smartphone and use it to log into your remote desktop environment using the untrusted system. Now that you are logged in, the password has already been changed in the background.

Installation procedure

  • Install
    https://github.com/sbeh/RDP-OTP/raw/master/Android/RDP_OTP_Client/bin/RDP_OTP.apk
    onto your android device
  • Run app RDP OTP on your android device
  • Click Generate key which generates a RSA 1024 bit keypair
    Private key is only accessable by this app
    Public key is saved as pubkey.pem on the external sd card
  • Copy pubkey.pem to your remote desktop session
  • In your remote desktop session, copy
    https://github.com/sbeh/RDP-OTP/raw/master/Windows/RDP%20OTP%20Server/bin/Debug/RDP%20OTP%20Server.exe
    to a folder or your choice
  • Place the pubkey.pem in the same folder
  • Create a file oldPass.txt in the same folder, which contains your current password
    No line breaks please!
    Make it accessable only by you
  • Create a file uploadTo.url in the same folder, that contains a link where the QR code is going to be uploaded to. It should look similar to one of these:
    file://N:/Storage/OTP_of_DevMachine.png
    ftp://username:P4$$w0rd@cloudspace.mycompany.net/myPersonalSpace/LoginMeIn.png
    https://ralf:ralfspassword@webdavhost.intern/OTP.png
    file://C:/Users/User/Dropbox/PublicSecrets/MyLogin.png
    No line breaks please!
  • Place a shortcut to RDP OTP Server.exe in
    C:\Users[Your user name]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    to ensure that your password gets changed every time you log in
You can’t perform that action at this time.