privacyIDEA - Modular Authentication System

•    Python

---

privacyIDEA is a Two Factor Authentication System which is multi-tenency- and multi-instance-capable. Using privacyIDEA you can enhance your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication.

authentication two-factor-authentication 2fa otp security

aws-mfa - Manage AWS MFA Security Credentials

•    Python

---

aws-mfa makes it easy to manage your AWS SDK Security Credentials when Multi-Factor Authentication (MFA) is enforced on your AWS account. It automates the process of obtaining temporary credentials from the AWS Security Token Service and updating your AWS Credentials file (located at ~/.aws/credentials). Traditional methods of managing MFA-based credentials requires users to write their own bespoke scripts/wrappers to fetch temporary credentials from STS and often times manually update their AWS credentials file. short-term - A temporary set of credentials that are generated by AWS STS using your long-term credentials in combination with your MFA device serial number (either a hardware device serial number or virtual device ARN) and one time token code. Your short term credentials are the credentials that are actively utilized by the AWS SDK in use.

aws mfa 2fa two-factor-authentication multi-factor-authentication amazon-web-services aws-sts sts awsmfa

u2f - U2F Authentication for Node.js

•    Javascript

---

U2F 2-factor authentication library

u2f 2-factor authentication two-factor-authentication two-factor

cli - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

•    Go

---

step is a zero trust swiss army knife. It’s an easy-to-use and hard-to-misuse utility for building, operating, and automating systems that use zero trust technologies like authenticated encryption (X.509, TLS), single sign-on (OAuth OIDC, SAML), multi-factor authentication (OATH OTP, FIDO U2F), encryption mechanisms (JSON Web Encryption, NaCl), and verifiable claims (JWT, SAML assertions). For more information and docs see the step website and the blog post announcing step.

security security-tools jwt oauth x509 tls oath totp encryption cryptography sso mfa jws jwe jose

sshportal - :tophat: simple, fun and transparent SSH bastion

•    Go

---

:tophat: simple, fun and transparent SSH bastion

ssh ssh-server bastion devops security

YubiKey-Guide - Guide to using YubiKey as a SmartCard for GPG and SSH

•    

---

This is a guide to using YubiKey as a SmartCard for storing GPG encryption and signing keys. An authentication key can also be created for SSH and used with gpg-agent.

yubikey gpg gnupg ssh security gpg-agent gpg-configuration smartcard remote-access rsa-cryptography

django-two-factor-auth - Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects

•    Python

---

Complete Two-Factor Authentication for Django. Built on top of the one-time password framework django-otp and Django's built-in authentication framework django.contrib.auth for providing the easiest integration into most Django projects. Inspired by the user experience of Google's Two-Step Authentication, allowing users to authenticate through call, text messages (SMS), by using a token generator app like Google Authenticator or a YubiKey hardware token generator (optional). I would love to hear your feedback on this package. If you run into problems, please file an issue on GitHub, or contribute to the project by forking the repository and sending some pull requests. The package is translated into English, Dutch and other languages. Please contribute your own language using Transifex.

two-factor-authentication django authentication

SSH.NET - SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.

•    CSharp

---

SSH.NET is a Secure Shell (SSH-2) library for .NET, optimized for parallelism.This project was inspired by Sharp.SSH library which was ported from java and it seems like was not supported for quite some time. This library is a complete rewrite, without any third party dependencies, using parallelism to achieve the best performance possible.

ssh ssh-library security secure-shell

ansible-ssh-hardening - This Ansible role provides numerous security-related ssh configurations, providing all-round base protection

•    Ruby

---

This role provides secure ssh-client and ssh-server configurations. It is intended to be compliant with the DevSec SSH Baseline. Warning: This role disables root-login on the target server! Please make sure you have another user with su or sudo permissions that can login into the server.

ansible ssh-configuration playbook role hardening protection ssh-server ssh-agent

KeyBox - Web-based SSH console that centrally manages administrative access to systems

•    Java

---

KeyBox is an open-source web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. KeyBox layers TLS/SSL on top of SSH and acts as a bastion host for administration. Protocols are stacked (TLS/SSL + SSH) so infrastructure cannot be exposed through tunneling / port forwarding.

ssh ssh-console system-admin key-management ssl tls security

SoftU2F - Software U2F authenticator for macOS

•    Swift

---

Soft U2F is a software U2F authenticator for OS X. It emulates a hardware U2F HID device and performs cryptographic operations using the OS X Keychain. This tool works with Google Chrome and Opera's built-in U2F implementations as well as with the U2F extensions for OS X Safari and Firefox.We take the security of this project seriously. Report any security vulnerabilities to the GitHub Bug Bounty Program.

fido-u2f cryptography

bastion-firewall

•    C

---

bastion-firewall is a Netfilter based firewall for Linux. It can generate graphical stats of all the rules traffic in the firewall with Rrdtool and it's integrated with the Snort Inline IPS. It's written in the bash and C programming languages.

u2f-ref-code - U2F reference implementations

•    Javascript

---

This code can verify U2F registrations and signatures. A web application built to accept U2F 2nd factor is built on top of a code base such as this. The code base includes a trivial web application so the user can experiment with registration and signatures (also see the sample web app below).This is a Java implementation of a U2F device. It generates registration and signature statements and is meant for testing against your server implementation. A physical U2F device will generate similar statements.

xiringuito - SSH-based "VPN for poors"

•    Shell

---

This is the "VPN without VPN" software done using nice built-in capabilities of SSH. Yes! That easy - just pass an SSH server and the list of networks your want to access through this server.

vpn ssh bastion-host security network access aws

TwoFactorAuth - PHP library for Two Factor Authentication (TFA / 2FA)

•    PHP

---

PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on but most importantly an improvement on 'PHPGangsta/GoogleAuthenticator'. There's a .Net implementation of this library as well. Here are some code snippets that should help you get started...

qrcode two-factor twofactorauth totp multi-factor security

twofactorauth - List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software

•    HTML

---

A list of popular sites and whether or not they accept two factor auth. The goal is to build a website (TwoFactorAuth.org) with a comprehensive list of sites that support Two Factor Authentication, as well as the methods that they provide.

twofactorauth two-factor security authentication

Harbor - An enterprise-class container registry server based on Docker Distribution

•    Go

---

Project Harbor is an enterprise-class registry server that stores and distributes Docker images. It extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security.

docker docker-registry registry-server private-registry containers docker-distribution

fail2ban - Daemon to ban hosts that cause multiple authentication errors

•    Python

---

Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose. Though Fail2Ban is able to reduce the rate of incorrect authentications attempts, it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.

security intrusion-prevention fail2ban bsd gplv2 ban-hosts intrusion-detection ids ips anti-bot attack-prevention

YubiKey Azure Authentication

•    

---

The YubiKey Azure Authentication project shows how to use the Yubico authentication service from a ASP.NET MVC 3 site hosted in Windows Azure, with SQL Azure as the backend user store, for a more secure two-factor authentication of users in the cloud.

M-Pin - Two Factor Authentication For Web sites

•    Java

---

M-Pin Strong Authentication System enables true two-factor authentication for web sites and applications, based on the open source M-Pin Authentication Server and M-Pin Managed Service. The M-Pin™ Managed Service is a highly available, fault tolerant software as a service that issues cryptographic secrets to M-Pin Authentication Servers and Clients.

2factor authentication security cryptography