    RDP - Whitelist IP address with 2 step authentication?

      flaxking

      I was looking at multiOTP, which looks like it would be a good free way of implementing 2-step authentication for RDP
      https://github.com/multiOTP/multiotp/wiki
      http://servilon.com/two-factor-authentication/

      But I would imagine that in SMB, people would find it annoying to have to get a code every time.

      And then I found this post that makes me think you could use the 2-step authentication in order to whitelist IPs

      https://www.reddit.com/r/sysadmin/comments/16y3da/2_factor_ssh_login_via_google_authentication/c80k44d/

      Maybe I'll try to lab it sometime

        multiOTP

        Hello,
        What do you mean exactly by "in SMB, people would find it annoying to have to get a code every time"?
        Any proposal welcome, and we will adapt our Credential Provider (https://github.com/multiOTP/multiOTPCredentialProvider)
        Regards,
        Andre

          flaxking

          @multiOTP Welcome to the community!

            flaxking @multiOTP

            @multiotp said in RDP - Whitelist IP address with 2 step authentication?:

            > Hello,
            > What do you mean exactly by "in SMB, people would find it annoying to have to get a code every time"?
            > Any proposal welcome, and we will adapt our Credential Provider (https://github.com/multiOTP/multiOTPCredentialProvider)
            > Regards,
            > Andre

            What I mean by that is, with a small business that does not have its own IT staff, the business owner often is the person who determines the security that is used based on their own personal availability tolerance. If they find it too annoying (aka availability/accessibility is too low) to enter in a code, they will simply tell an MSP they don't want that. The MSP has to either oblige, convince them otherwise, or drop them as a client.

            Small businesses with IT staff run into a pretty similar situation. Might actually be worse because there is not a peer-to-peer relationship between IT staff and owner, and the alternative is for the IT staff to quit.

              flaxking

              I think I will make a proposal. Thanks for joining the community and reaching out, @multiOTP
