2-Factor Auth for SSH using Twilio API and Python-PAM21 Oct 2014
So, first real post here. Inspired by a post over at the Chokepoint blog, and after recently doing some reading up on the Twilio API, I decided it would be fun to expand their little script to use Twilio instead of TxtDrop for the simple reason that Twilio supports a lot more countries (including Ireland and the UK, where I currently reside) than TxtDrop, and so I could have an excuse to mess with Twilio, as I need to get to grips with its API for another project currently under development. I also wanted 2 factor auth for the server I use for IRC.
First off, we have to understand how the Python API for Twilio works for sending a SMS. Below is the example code from their documentation. Please note, I could not for the fucking life of me get this to work with a free Twilio account, and resorted to paying cash fucking money for one in the end.
So, now we know how to send the text message. We modify this example and shove it into a function that accepts a destination phone number and the one time PIN we wish to send.
Literally 2 lines of code. We can add some error handling or whatever later if we are so inclined. I am not, at this time, bothered. Now, to modify StampAuth to use our magical Twilio stuff, we simply ditch the SMS sending class, modify the function calls to the SMS sendy bit, and Bob’s yer uncle - it works.
Now, we have not yet looked at the PAM parts of the code… Simply because it took me a while to figure them out!
As you may notice, the “pam” module is never imported. This seems to be because in the configuration, pam_python.so is explicitly called to handle the python script. This is not something I have seen before, so I decided against mucking about with it too much… I will eventually study python-pam in more detail in a future post when I figure it out a bit better!
Without further ado… Here is an example run of our little module :)
You can download the fork using Twilio on the github page