Authentication of a user/client machine

Spade
User
Posts: 13
Joined: Sun Dec 05, 2010 12:46 pm

Post by Spade » Tue Jan 22, 2013 11:52 am

Hello there, long time no post :)

So .. long post short ... is it possible for an FTP server to also verify a client machine as a means to authenticate that user (besides the password/certificate)?

Basically, if a user has a password and certificate that get misplaced/stolen by a 3rd party ... and that 3rd party wants to log in to the FTP server and do some damage/steal/corrupt stuff ... is there a way for the server to ask for a computer fingerprint, if you will, a key that is generated by the "unique" combination of motherboard + CPU + BIOS + other hardware? And of course, if that key doesn't match the one stored in the server for that user, then the machine from which the login attempt is made is added to a blacklist and the user account gets blocked.

I don't know if I made myself understood, but I hope so.

PS: I have a feeling this requirement might need a specific client (either something Cerberus made or a different popular one that is coded for this upload of a key).

Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States

Re: Authentication of a user/client machine

Post by Serin » Wed Jan 23, 2013 2:05 pm

Hello,

There's nothing like that for authentication, and implementing such a feature would require a custom client.

I don't think such a system would be any more secure than a certificate. That information is just as susceptible to being stolen, and is easily spoofed once compromised.

If you are just looking to add another layer of authentication to the connection, something like HOTP + a smart phone (using Google Authenticator or OATH Token) would do the trick. I'm planning on adding support for HOTP soon.

matthew.pinkston
New User
Posts: 5
Joined: Mon Mar 12, 2012 11:12 am

Re: Authentication of a user/client machine

Post by matthew.pinkston » Wed May 31, 2017 10:37 am

Serin,

Sorry for pulling up this old thread, but it was the most relevant thing I could find.

We have been implementing two-factor at our organization using DUO Security, which I believe uses HOTP/OATH + a smart phone like you mention here.

Did this support ever get added, and/or are you still planning on adding it?

Thanks!
-Matt P.

pacman
Senior User
Posts: 187
Joined: Thu Apr 28, 2016 1:54 pm

Re: Authentication of a user/client machine

Post by pacman » Wed May 31, 2017 11:04 am

Hello Matthew,

It is still in the works; we hope to have it ready for version 9.0, which is due to release later this year.

Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States

Re: Authentication of a user/client machine

Post by Serin » Mon Aug 07, 2017 12:10 pm

Hello Matt,

Just to follow up on this: 9.0 will feature TOTP-based two-factor authentication. You'll be able to use Duo's mobile app to add a TOTP account. 9.0 will be out this month.
