dromara / orion-visor

一款高颜值、现代化的自动化运维及轻量堡垒机,提供服务器智能运维解决方案。支持资产管理分组、SSH SFTP 终端、文件上传下载、文件在线编辑、命令批量执行、多主机文件分发、cron 表达式配置计划任务,安全保障等。该项目是由 java 实现, 前端使用 vue + arco, 后端使用 springboot, 支持 docker 部署的服务器运维, linux windows 系统运维平台。
https://visor.dromara.org.cn/
Apache License 2.0
439 stars 71 forks source link

[Feature] Expected to support Multi-factor authentication #42

Open MemoryShadow opened 4 months ago

MemoryShadow commented 4 months ago

Is your feature request related to a problem?

I think a relatively secure operation and maintenance tool should support at least one MFA verification method. This tool interface looks logical, but the lack of MFA makes it easier for accounts to be stolen.

Describe the solution you'd like

At least one two-step verification method, here we take virtual MFA as an example. When creating a user, allow the user to bind a virtual MFA device, such as Microsoft Authenticator. When the user logs in, require the user to use the bound MFA method for identity authentication at the same time. When the user performs high-risk operations such as data changes, require the use of MFA for further verification

Is there some similar software?

You can refer to this project, which is also open source and focuses on security, but the information presented in the interface is not as elegant as this project. Bastillion

Additional context

Here are some documents that may help.

lijiahangmax commented 4 months ago

ok 后面给加上

MemoryShadow commented 4 months ago

ok 后面给加上

I'm sorry that I just saw this reply now. Thank you for your prompt reply. I hope orion-visor can become better and better. If you have further discussion, please @ me.