Python-PAM 2-Factor Authentication using Twilio
WARNING: DO NOT USE THIS IN A PRODUCTION ENVIRONMENT. AT THE MOMENT IT HAS A HABIT OF "FAILING OPEN" IF THE SCRIPT BUGS OUT. WHICH COULD HAPPEN DUE TO REASONS. WILL UPDATE WHEN THIS IS FIXED
After reading the source code for Stampauth by Chokepoint I decided it would be nice to expand it to use the Twilio API to send SMS messages, as the txtdrop solution they were using did not support Ireland. I also had a need to test out the Twilio API for an upcoming project.
Therefore, I simply made this fork of it. All credit for the original idea and code goes to Chokepoint, I simply ported it to use Twilio.
# Setup
First we install the dependencies:
$ sudo apt-get install python-pam
$ pip install twilio
Next we download and install twilightpam:
$ git clone https://github.com/0x27/twilightpam.git
$ cd twilightpam
$ sudo cp twilightpam.py /lib/security/
Next edit the "sender", "account_sid", "auth_token" lines in /lib/security/twilightpam.py
Next we configure sshd to use this module for authentication.
In /etc/ssh/sshd_config uncomment the following line:
ChallengeResponseAuthentication yes
In /etc/pam.d/sshd locate the section marked with "@include common-auth" and make it look like the entry below.
auth requisite pam_python.so twilightpam.py
@include common-auth
You can set a user's Office Phone number (the third comma-separated field of the account's comment/GECOS entry) using the following:
sudo usermod user -c ',,+353851234567,'
Assuming all goes to plan, after you restart sshd, the next time you try to log in it should send you an SMS message with a one-time key as the second authentication factor.
Fails "open" if script bugs out. Am working on fixing this without locking out of box forever.
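One way to make a pam_python module deny by default, as an added example (not twilightpam's code): every exception and every return value other than an explicit `PAM_SUCCESS` becomes `PAM_AUTH_ERR`. The names `fail_closed`, `check_code`, `FakePamh` and `demo` are hypothetical, `FakePamh` is a constructed stand-in for the real `pamh` handle, and the phone number is the README's sample value.

```python
import hmac
import random

def fail_closed(handler):
    """Wrap a pam_python entry point: only an explicit PAM_SUCCESS grants access."""
    def wrapper(pamh, flags, argv):
        try:
            result = handler(pamh, flags, argv)
        except Exception:
            # SMS API error, aborted conversation, plain bug: deny
            return pamh.PAM_AUTH_ERR
        # None (missing return) and False must not pass as PAM_SUCCESS (0)
        if type(result) is int and result == pamh.PAM_SUCCESS:
            return pamh.PAM_SUCCESS
        return pamh.PAM_AUTH_ERR
    return wrapper

def check_code(pamh, number, send_sms):
    """Send a fresh 6-digit code to number and compare it with the reply."""
    code = "%06d" % random.SystemRandom().randrange(10 ** 6)
    send_sms(number, "Login code: " + code)  # may raise; wrapper denies
    reply = pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Code: "))
    typed = (reply.resp or "").strip()
    if hmac.compare_digest(code.encode(), typed.encode()):
        return pamh.PAM_SUCCESS
    return pamh.PAM_AUTH_ERR

class FakePamh(object):
    """Constructed stand-in for the pamh handle so this runs without PAM."""
    PAM_SUCCESS, PAM_AUTH_ERR, PAM_PROMPT_ECHO_OFF = 0, 7, 1

    class Message(object):
        def __init__(self, msg_style, msg):
            self.msg_style, self.msg, self.resp = msg_style, msg, None

    def __init__(self, answer):
        self.answer = answer  # callable returning what the user "types"

    def conversation(self, message):
        message.resp = self.answer()
        return message

def demo(answer_with, send_sms=None):
    """One login attempt; answer_with(sent_code) is what the user types back."""
    sent = []
    send = send_sms or (lambda number, body: sent.append(body.split()[-1]))
    handler = fail_closed(lambda p, f, a: check_code(p, "+353851234567", send))
    return handler(FakePamh(lambda: answer_with(sent[-1])), 0, [])
```

In a real module the wrapped function would be bound to the name pam_python looks up, `pam_sm_authenticate`, and `send_sms` would be the Twilio call.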
Licenced under the WTFPL because I don't give a fuck what you do.