Page 1 of 1

Authentification of a user/client machine

Posted: Tue Jan 22, 2013 11:52 am
by Spade
Hello there, long time no post :)

So .. long post short ... is it possible for a ftp server to verify a client machine also as a means to authenticate that user? (besides the password/certificate).

Basically, if a user has a password and certificate, that get misplaced/stolen by a 3rd party ... and that 3rd party wants to log in to the ftp and do some damage/steal/corrupt stuff ... is there a way for the server to ask for a computer fingerprint if you will, a key that is generated by the "unique" combination of motherboard + cpu + bios + other hardware. And of course if that key doesn't match the one stored in the server for that user then the machine from which the log in attempt is made, is added to a blacklist and the user account gets blocked.

I don't know if I made myself understood but i hope so.

PS: I have a feeling this requirement might need a specific client (either something cerberus made or a different popular one that is coded for this upload of a key.)

Re: Authentification of a user/client machine

Posted: Wed Jan 23, 2013 2:05 pm
by Serin
Hello,

There's nothing like that for authentication, and implementing such a feature would require a custom client.

I don't think such a system would be any more secure than a certificate. That information is just as susceptible to being stolen, and is easily spoofed once compromised.

If you are just looking to add another layer of authentication to the connection, something like HOTP + a smart phone (using Google Authenticator or OATH Token) would do the trick. I'm planning on adding support for HOTP soon.

Re: Authentification of a user/client machine

Posted: Wed May 31, 2017 10:37 am
by matthew.pinkston
Serin,

Sorry for pulling up this old thread, but it was the most relevant thing I could find.

We have been implementing two-factor at our organization using DUO Security, which I believe uses HOTP/OATH + a smart phone like you mention here.

Did this support ever get added, and/or are you still planning on adding it?

Thanks!
-Matt P.

Re: Authentification of a user/client machine

Posted: Wed May 31, 2017 11:04 am
by pacman
Hello Matthew,

It is still in the works, we hope to have it ready for version 9.0. Which is due to release later this year.

Re: Authentification of a user/client machine

Posted: Mon Aug 07, 2017 12:10 pm
by Serin
Hello Matt,

Just to follow up on this, but 9.0 will feature TOTP-based two-factor authentication in 9.0. You'll be able to use Duo's mobile app to add a TOTP account. 9.0 will be out this month.