Google Authenticator for offline server
We are trying to set up GA auth on an offline server that we use to access our secure networks. The jump server on which RDM is installed has no internet access, so no QRcode is generated (I can see it failing to reach www.google.com). I have tried to use the secret key, but GA does not like it (invalid characters). I tried the code in a Chrome Plugin - the plugin accepted the code, but it did not validate on RDM
We have an MOTP server, and I tried to point it there, but that failed as well.
Is there a way to transfer the RDM auth from my laptop to this server using the cfg file?
If no, can you tell me how to convert the secret key RDM shows into a Base32 number that GA will accept? It may be worthwhile to have the QR code generation internal to RDM so it works for off-line installations.
Thanks
All Comments (3)
Hi,
I don't have a solution for you when you are in offline mode. The GA auth is handled by google and I'm not sure what we could do for now.
David Hervieux
Thanks, David.
Does RDM use google when it creates the QR code or to do the full authentication? I have GA enabled with RDM on my laptop, and the authentication works pretty well even when I am offline.
So, if it works offline, the secret key that is shown on the RDM dialog for GA could be put into GA manually, but it does have to be ALL CAPS base32 first. It is NOT base32 it its current form. Can you tell me what kind of encoding the string RDM is showing for the secret key in the GA dialog? I tried converting it as Hexadecimal, Base16 and Base64 to Base32 without success.
Thanks!
Hi,
We invoke google to validate the key with the code you entered. It's using the elapsed time I think.
David Hervieux