pam_2fa
2nd factor authentication using PAM (by CERN-CERT)
knockknock
A simple, secure, and stealthy port knocking implementation that does not use libpcap or bind to a socket interface. (by moxie0)
pam_2fa | knockknock | |
---|---|---|
1 | 3 | |
33 | 504 | |
- | - | |
- | 0.0 | |
over 3 years ago | over 5 years ago | |
C | Python | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pam_2fa
Posts with mentions or reviews of pam_2fa.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-01.
knockknock
Posts with mentions or reviews of knockknock.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-01.
-
Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
It's old and there are probably friendlier options out there now, but
https://github.com/moxie0/knockknock/blob/master/INSTALL
- Ssh brute force attack with fail2ban.
-
SSH server that changes listen address every 30 seconds based on TOTP
> Or is completely firewalled off from the world, and only accessible once you've authenticated yourself to your VPN. Or only reachable once you first authenticate (public/private keys, two factor crypto key auth, etc) to a bastion host, and then reach the system from the bastion.
There's a lot of attack surface in there. Port-knocking is supposed to be a way to reduce attack surface. It's a belt-and-suspenders approach to the reality that even fully patched openssh has exploitable bugs.
Using this tool, a MITM with an openssh 0day can just follow you in. KnockKnock [0] and tools like it do not suffer from this defect. This tool is conceptually similar to KnockKnock, using OTP instead of a monotonic counter. Using OTP opens it up to replay attacks.
https://github.com/moxie0/knockknock