2 posts tagged with "authentication"

SSH Authentication with a CA

· 6 min read
Guillaume MARTINEZ
LeadTech DevOps & Cloud & IA

This article describes how to use an SSH CA to authenticate to SSH servers. This is particularly useful when you have a lot of servers to manage and you want to avoid the hassle of managing a lot of SSH keys.

The basic idea is to have a CA (Certificate Authority) that signs the public keys of the users. The users can then authenticate to the servers using their signed public key. This way, you don't have to manage the users' public keys on the servers; you only have to manage the public keys of the CA. You can also limit the validity of the signed public keys to a certain amount of time or to a certain set of servers and users.

Understanding Time-based One-time-password

· 9 min read
Guillaume MARTINEZ
LeadTech DevOps & Cloud & IA

Now that every web service encourages you, more and more, to use MFA to secure your account, one method is used more than the others: Time-based one-time password, or TOTP, which generates a unique code of 6 or more digits to enter just after typing your password.

The server or web app that lets you set up TOTP gives you a QR code to scan (or a Base32 string) to configure in a TOTP generator app such as Microsoft Authenticator, Google Authenticator, Bitwarden, or others.

We all use it, but how does it work? Is it secure? Is my account secure when using a third-party TOTP generator?