alecmuffett / drafts-not-complete-not-tested-do-not-use


OpenSSH #3

Closed sainslie closed 7 years ago

sainslie commented 7 years ago

I'd consider a setup for @openssh such that it'll listen on the local interface and communicate across @torproject alone instead of an IPv4 or IPv6 address; it of course depends upon physical or remote access. It could result in loss of remote access as server access is restricted to @torproject rather than direct access through an IPv4 IP address or IPv6 IP address, so users must assess their requirements prior to deciding. It does help in cases of the server being seized though, so it's a benefit from an anti-forensic standpoint. I'd also consider setting up @google Authenticator or @duosecurity using their Time-based One-time Password Algorithm client to bolster @openssh remote access; or better still perhaps using @yubico in conjunction alongside @openssh?

sainslie commented 7 years ago

Is there a danger in using @google Authenticator or @duosecurity through Network Time Protocol? If the server has to maintain clock synchronization it'll need to communicate through NTP and I'm assuming initiate outbound communication. Is there a method of doing this across @torproject itself or am I misunderstanding it? @s-rah? @glamrock?

alecmuffett commented 7 years ago

discussion as-per https://github.com/alecmuffett/drafts-not-complete-not-tested-do-not-use/issues/2