• Zur Hauptnavigation springen
  • Skip to main content
  • Zur Fußzeile springen

Sebastian Mogilowski's Blog

Just another blog about administration, linux and other stuff

  • Home
  • Contact
  • Imprint
  • Projects & HOWTOs
  • Publications

Two-factor authentication with Guacamole 1.1.0 (Part 4)

6. Mai 2020 by sebastian 2 Kommentare

You can add totp-auth to your Guacamole login process. You can use any TOTP App like „Google Authenticator“ or „OTP Auth“ to add a two-factor authentication to Guacamole.

First download and install the totp-auth plugin:

cd /usr/src/
wget http://apache.mirror.digionline.de/guacamole/1.0.0/binary/guacamole-auth-totp-1.0.0.tar.gz
tar xvzf guacamole-auth-totp-1.0.0.tar.gz
cp /usr/src/guacamole-auth-totp-1.0.0/guacamole-auth-totp-1.0.0.jar /etc/guacamole/extensions/

Now configurate ‚/etc/guacamole/guacamole.properties‘ with your favorite editor and add the following line:

totp-issuer: My Guacamule TOTP

Change the value to your prefered name.

Now restart tomcat and test it:

systemctl restart tomcat9

After login (with an admin user!) you should see this:

Now scan the QR-Code with your mobile phone.

This only works currently for admin users. Because each user needs the privilege to change his own password. You can change this setting for users in the preferences of the user.

Users without this setting still can login but without the two-factor authentication.

Reset the two-factor

If the user lost his phone you need to reset the totp for the user to establish a new one.

mysql -u root -p
use guacamoldb;
SELECT user_id FROM guacamole_user INNER JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user.entity_id WHERE guacamole_entity.name = 'guacadmin';

Now you get the userid of the user guacadmin which should be #1.
Reset totp for user with id #1.

UPDATE guacamole_user_attribute SET attribute_value='false' WHERE attribute_name = 'guac-totp-key-confirmed' and user_id = '1';
quit;

Kategorie: Systemadministration

Leser-Interaktionen

Kommentare

  1. kali linux meint

    17. August 2020 um 11:21

    Thanks very nice

    Antworten
  2. Nazr meint

    20. Oktober 2020 um 08:30

    nice.

    Antworten

Schreibe einen Kommentar Antworten abbrechen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.

Footer

Kategorien

  • Allgemein
  • Coldfusion
  • Development
  • Fun
  • General
  • Home automation
  • Homematic
  • Linux
  • Mobile
  • PHP
  • Privat
  • Systemadministration
  • Virtualization
  • Windows
  • Zaurus

© 2021 · Sebastian Mogilowski's Blog · Powered by Imagely