Using OTP (one-time passwords) in rstudio server open source

Posted on May 14, 2023 by R | Adi Sarid in R bloggers | 0 Comments

[This article was first published on R | Adi Sarid, and kindly contributed to R-bloggers]. (You can report issue about the content on this page here)
Want to share your content on R-bloggers? click here if you have a blog, or here if you don't.

Background

Lately, I decided to harden security a bit. This included securing my rstudio server (open source) with one-time passwords.

Two-factor authentication (or multi-factor authentication) is when you use a username, password, and another means of authentication, mainly a one-time password that’s generated and sent via SMS or email or, in this case, created by an authentication app. In this case, I will demonstrate how to enable OTP on the rstudio server login.

At the moment of writing these lines, some posts deal with this here, and here; however, none of them worked for me. The latter did lead me in the right direction, so here is the setup I used to enable the OTP on rstudio server.

The following assumes you have an rstudio server running on linux, with sudo privileges.

Installing google-authenticator

The google-authenticator is an authentication module that’s installed on linux (not to be confused the android app that goes by a similar name). Installing it is the first step:

sudo apt install libpam-google-authenticator

This module integrates into linux’s PAM (pluggable authentication modules).

Now, log into rstudio as you would regularly and in the terminal run:

google-authenticator

This will yield a series of questions and set-up steps, i.e.:

  • Confirm using time-based tokens

  • Scan the QR-code into your preferred authentication app (e.g., google authenticator for Android)

  • Copy your emergency codes for backup

  • I also disallowed multiple logins,

  • Permitted time skews; and

  • Limited login attempts against brute force attacks).

Edit the rstudio authentication profile

The next step is to edit the authentication profile for rstudio. Inside linux command line (as sudo) run the following code: sudo nano /etc/pam.d/rstudio, and paste the following:

auth required pam_google_authenticator.so
@include common-account
@include common-session

Now, edit another rstudio server file using: /etc/rstudio/rserver.conf and paste the following:

auth-pam-require-password-prompt=0

Save and close the file.

Restart your rstudio server using sudo systemctl restart rstudio-server.service.

Check that everything works

Go to your rstudio server login page and enter your user name. In the password text box enter the code shown on your authentication app. It should be able to log you in.

To leave a comment for the author, please follow the link and comment on their blog: R | Adi Sarid.
R-bloggers.com offers daily e-mail updates about R news and tutorials about learning R and many other topics. Click here if you're looking to post or find an R/data-science job.
Want to share your content on R-bloggers? click here if you have a blog, or here if you don't.

Copyright © 2023 | MH Corporate basic by MH Themes

Never miss an update!
Subscribe to R-bloggers to receive
e-mails with the latest R posts.
(You will not see this message again.)

Click here to close (This popup will not appear again)