Wednesday, October 30, 2013

How to use Google Authenticator with OpenBSD, OpenSSH, and OpenVPN--and why you might not want to

I thought that Google Authenticator might be a quick and easy two-factor authentication solution for VPN access to my personal network, so I did some Google searches to see if that were so.  I found quite a few sources describing how to set it up with systems that use Linux Pluggable Authentication Modules (PAM), but very little about using it with BSD Authentication on OpenBSD.

The most promising link I came across was to an implementation of Google Authenticator for OpenBSD that was last updated in early 2013, based on Google's PAM code, but I couldn't get it to work.  It compiled and installed, and the googleauth code for generating a secret (and a very insecure way of generating a QR code to use to import it into the Google Authenticator application) worked fine, but I couldn't successfully use it for console login, OpenSSH login, or OpenVPN login.

I also found the standard OpenBSD port for openvpn_bsdauth, which compiled, installed, and worked successfully for password authentication by adding these lines to my OpenVPN configuration:
script-security 2
tmp-dir <path to dir writable only by _openvpn user>
auth-user-pass-verify /usr/local/libexec/openvpn_bsdauth via-file

This also requires that the authenticating user be put into the _openvpnusers group.

I was unable to get the via-env method to work, however.

I next tried the standard OpenBSD port of login_oath, which implements the OATH Toolkit, which uses the same TOTP (time-based one-time password) protocol as Google Authenticator.  This turned out to do the trick.  Once installed, you create a secret key that the server authentication will check against and store it in your home directory (one thing I liked about googleauth is that it stores the shared secret in a system directory to which the user doesn't have access; better still is the suggestion of keeping the secrets on an auth server as totp-cgi does).  The documentation recommends creating the secret (which the user doesn't need to know except for the initial configuration of the Google Authenticator client application) by doing:
openssl rand -hex 20 > ~/.totp-key
I then needed to convert this from hex to base32.  The documentation recommends doing so with the Perl module Convert::Base32 (OpenBSD port p5-Convert-Base32) and a short script like:
#!/usr/bin/perl
use strict;
use warnings;
use Convert::Base32;

# Read the hex secret written by `openssl rand -hex 20`.
open (my $fh, '<', "/home/vpnuser/.totp-key") or die "cannot open .totp-key: $!";
my $secret = <$fh>;
close ($fh);
chomp ($secret);    # drop the trailing newline before unpacking the hex digits
my $code = pack ('H*', $secret);
# Authenticator apps treat manual entry as case-sensitive and expect uppercase base32.
print uc(encode_base32($code))."\n";
The resulting code can be manually entered into Google Authenticator.

To use Google Authenticator as a login method, I updated the login class for the user I wanted to use in /etc/login.conf so that its last two lines were:
:auth=-totp,passwd:\
:tc=default:
This allows either Google Authenticator or password authentication at the console, but only Google Authenticator via OpenSSH or OpenVPN as I configured them.  Instead of using "-totp" you can also use "-totp-and-pwd", which requires the entry of both your Google Authenticator code and your password (in that order, with a slash in between them) in order to authenticate.

For OpenSSH, I added the following lines to my sshd_config:
Match User <vpnuser>
     PasswordAuthentication yes
     AuthenticationMethods publickey,password:bsdauth
I don't allow password authentication at all for other users; for this user, an SSH public key must first be used, then Google Authenticator must also be used before a successful login. [Updated 1 Nov 2013 to add:  After a reboot, this ssh config failed with a log message of "fatal: auth2_update_methods_lists: method not in AuthenticationMethods".  Removing the ":bsdauth" made it work again (it works since the "password" authentication method will use BSD Authentication by default), but this looks like an SSH bug.]

So why might you not want to do this?  While Google Authenticator ensures that what is used over the network as a password is better than a typical user-selected password, it effectively stores a shared secret in plaintext at both ends of the connection, which is far less secure than SSH public key authentication.  If the device where Google Authenticator is present gets compromised, that secret is compromised.  And as the above link about totp-cgi points out, if you use Google Authenticator with the same secret across multiple machines, that secret is only as secure as the least secure host it's stored on, and using different secrets for different machines doesn't scale very well with the application.  A password safe with randomly generated passwords, stored in encrypted form, is probably a better solution in most cases. [Updated 2 November 2013: Authy uses the same TOTP mechanism as Google Authenticator, but encrypts the secret key on the client side.  That encryption is really more obfuscation than encryption since the key is based on phone attributes and can potentially be reverse engineered.]

As I've set it up, I'm still relying on SSH public key authentication for SSH logins, and on certificate authentication for VPN logins, in addition to Google Authenticator.  For the case of logging into my VPN from my laptop and having Google Authenticator on a separate mobile device, it does seem to be a security improvement (though I welcome anyone to show me that the gains are illusory).

UPDATE (July 31, 2019): Note that you should make the .totp-key file in the user's home directory owned by and only readable by root, or else you're effectively permitting that user to do passwordless doas/sudo, since passworded doas/sudo will use the TOTP mechanism for authentication. That won't stop the user from removing the .totp-key file and replacing it with their own, but at least that action becomes detectable. To prevent removal, on OpenBSD you can set the file to be immutable (schg flag) and run at securelevel=2. But a better solution would really be to put those secrets somewhere outside of the individual user's home directory.

UPDATE (October 22, 2019): The OpenVPN authentication with 2FA is broken in OpenBSD 6.6, it now leads to user/password authentication failures. Not sure why yet.

UPDATE (October 22, 2019 #2): Looks like it may have been user error; it works now, though I did update my _openvpnusers group to the new number (811) from the old one (596), but the number itself shouldn't be hardcoded in openvpn_bsdauth, so that shouldn't have had an impact.

UPDATE (30 October 2022): Also see Solene Rapenne's blog post on this same topic.

UPDATE (18 June 2024): Note that Authy (and probably any other authenticator app) treats manual secrets entry as case-sensitive even though base32 is not, and secrets must be entered in uppercase.

Friday, April 05, 2013

Matt Dillahunty and disbelief by default

In his recent talk at the American Atheist convention on skepticism and atheism, Matt Dillahunty states (at about five minutes in) that skepticism does tell us what to believe in the case of untestable claims--that the default position is disbelief.

But no, the default position has to be nonbelief, not disbelief.  To disbelieve in a proposition is to believe in the negation of the proposition, to believe that the original proposition is false.  And Dillahunty already said that (a) we should proportion our belief to the evidence and that (b) the proposition in question is untestable, meaning there is no evidence for or against it.

The position he describes is logically inconsistent.

We know that there are untestable propositions that are true.  We shouldn't believe that they are false simply because they are untestable. We should only believe they are false if we have good reasons to believe they are false; in the absence of that we should be agnostic.

(Added 5:36 p.m.: What are the implications for the above argument if it is the case that untestability does not entail lack of evidence or reasons?  What about if we distinguish evidential from non-evidential reasons?  And if we take the latter course, what does that say about proposition (a), above? Left as an exercise for commenters.)

Saturday, March 09, 2013

Isaac Funk and the Widow's Mite

One of the more interesting and better documented cases of surprisingly accurate information from a spirit medium that is described in Deborah Blum's fascinating book, Ghost Hunters: William James and the Search for Scientific Proof of Life After Death (2006, Penguin Books), is the case of Isaac Funk and the Widow's Mite (pp. 260-262).

Funk, of Funk & Wagnall's Dictionary, had been visiting a medium in Brooklyn, New York in February 1903.  About his third visit, he subsequently described the following (in Isaac K. Funk, The Widow's Mite and Other Psychic Phenomena (1904, Funk & Wagnalls), pp. 159-160, now in the public domain due to copyright expiration):
About eleven o'clock the control named "George," in his usual strong masculine voice, abruptly asked: "Has anyone here got anything that belonged to Mr. Beecher?" There was no reply. On his emphatic repetition of the question, I replied, being the only one present, as I felt sure, who had ever had any immediate acquaintance with Mr. Beecher: "I have in my pocket a letter from Rev. Dr. Hillis, Mr. Beecher's successor.  Is that what you mean?" 
The answer was: "No; I am told by a spirit present, John Rakestraw, that Mr. Beecher, who is not present, is concerned about an ancient coin, 'The Widow's Mite.' This coin is out of its place, and should be returned. It has long been away, and Mr. Beecher wishes it returned, and he looks to you, doctor, to return it." 
I was considerably surprised, and asked: "What do you mean by saying that he looks to me to return it? I have no coin of Mr. Beecher's!" 
"I don't know anything about it except that I am told that this coin is out of place, and has been for a number of years, and that Mr. Beecher says you can find it and return it."
I remembered then that when we were making "The Standard Dictionary," some nine years before, I had borrowed from a gentleman in Brooklyn--a close friend of Mr. Beecher's, who died several years ago--a valuable ancient coin known as "The Widow's Mite."  He told me that this coin was worth hundreds of dollars, and, under promise that I would see that it was returned to the collection where it belonged, he would loan it to me. ... 
I said to the control, "The only 'Widow's Mite' that has ever been in my charge was one that I borrowed some years ago from a gentleman in Brooklyn; this I promptly returned"; to which the control replied: 
"This one has not been returned." And then, after a moment's silence, he said: "Do you know whether there is a large iron safe in Plymouth Church?" 
I answered: "I do not." 
He said: "I am impressed that this coin is in a large iron safe, that it has been lost sight of; it is in a drawer in this safe under a lot of papers, and that you can find it, and Mr. Beecher wishes you to find it." 
I said: "Do you mean that this safe is in Plymouth Church?" 
He said: "I don't know where it is. I am simply impressed that it is in a large iron safe in a drawer under a lot of papers, and has been lost sight of for years, and that you can find it, and Mr. Beecher wishes you to find it. That is all that I can tell you."
Funk goes on to inquire of his business manager, who insists that it was returned, and of Mr. Wagnalls and Wheeler, who knew nothing of the coin, but Wheeler, a skeptic, suggests that it's a good test.  Funk asks a cashier, who remembers the coin, but also says that it had been returned, to investigate.  After twenty minutes, the cashier returns with an envelope containing two "Widow's Mites," which was located in one of two safes (the large iron one), in a drawer under papers.

The two coins are a smaller light-colored one and a larger black one, and Funk recalls that the smaller one was used for the illustration in the dictionary and that it was the genuine article, while the other was a fake.  He returns to the medium, and asks which coin is the right one.  Contrary to his belief, the medium (as "George") says that it is the black one, and that the friend of Mr. Beecher's to whom it belongs is a man associated with a large ladies' school in Brooklyn Heights.  Funk recalls that it was borrowed from Prof. Charles E. West, head of a ladies' school in Brooklyn Heights.

Funk sends both coins to the Philadelphia Mint for examination, and they determine that the medium is correct, the black one is the correct one, and the wrong one was used for the illustration in the dictionary.

Funk notes that the preface of the dictionary notes, regarding the illustrations, contains the description "The Widow's Mite (which was engraved from an excellent original coin in the possession of Prof. Charles E. West of Brooklyn, N.Y.)."

Funk's book provides a number of affidavits supporting the recounting of events, including that only two people present with the medium knew of Funk's connection to the coin (Funk and Irving Roney, the latter of whom provided an affidavit), that no one knew that the coin had not been returned, and that the cashier staff had no knowledge of the coin which was in the safe in their office.

The coin was returned to West's son, who also provides an affidavit stating that he was unaware that the coin had not been returned and assumed that it had been.  Funk says he dined repeatedly with the elder West prior to his death, and the coin was never brought up.

Funk proceeds to list a series of facts about the case and some possible explanations (pp. 168ff), and finds difficulties with fraud, coincidence, telepathy and clairvoyance, and spirit communications as explanations, though he appears to favor the last of these.

Funk presented the case to a number of eminent scientists of the day, including William James, Alfred Russel Wallace, and William Crookes, all of whom were associated with the SPR or ASPR, and each suggested spirits as a possible explanation.  Many of the other scientists and philosophers, however, suggested fraud or deception (see table in Funk's book, pp. 177-178).

As presented in Blum's book, this case seems more impressive than it does with all of the details in Funk's account.  What I find suspicious are that the medium is located in the same city as the person from whom the coin was borrowed, that the connection between the owner of the coin and the illustration was published in Funk's dictionary (omitted by Blum), and that although the son had forgotten about the coin being loaned out, he thought "it altogether likely that his father told at the time other members of his family, and possibly some persons outside the family" (Funk, p. 174).  All that it would take for the fraud hypothesis would be that the medium had heard, second-hand, about the never-returned coin, and speculated that it had been forgotten and was kept in a safe (and perhaps offered a guess about which coin was genuine; that information has no clear source from the details recounted).  Funk infers from the fact that West never brought up the coin that he had forgotten about it, but that is an assumption on his part--perhaps West made periodic complaints about it not having been returned, but didn't mention it to his son.  Funk suggests, based on class distinctions, that no one in the medium circle other than himself would have known that West even existed, which seems a highly questionable assumption.

Wednesday, March 06, 2013

The Decline (and Probable Fall) of the Scientology Empire

My talk from January 19, 2013 to the National Capital Area Skeptics is now online!

Thanks very much to the NCAS for professionally recording and editing this video.

I've included some notes and comments below.


  • 0:50 & 42:29 "Advanced Teachings" available at all Advanced Orgs are up to OT V. Advanced Orgs can deliver through OT V; OT VI & VII can only be obtained at the Flag Service Organization (FSO) in Clearwater, FL, and OT VIII can only be obtained on Scientology's cruise ship, the Freewinds. See: http://www.xenu.net/archive/ot/
  • 8:01 German U-boat -- I should have said Japanese submarine
  • 9:14 Photo is often claimed to be from 1968 but is really from 1959-60, so Cleve Backster probably wasn't the source of Hubbard's claim, as I originally said in the talk (also see my previous blog post on this topic).
  • 10:53 Aleister Crowley is pronounced "crow-lee," not "craugh-lee" (I apparently have not broken a bad habit of following Ozzy Osbourne's pronunciation).
  • 13:59 the Fraser Mansion, though referred to by Scientology as the "founding church" from the 1970s to 2010, wasn't the original building. The original building, at 1812 19th St. NW, is now a museum called the L. Ron Hubbard House (though his house was across the street), which the church acquired in 2004. The Fraser Mansion is now Scientology's National Affairs Office.
  • 14:11 The first use of the name "Church of Scientology" was by the Church of Scientology founded in Camden, N.J. in Dec. 1953; the first Church of Scientology corporation was in Los Angeles (Feb. 1954, which became the Church of Scientology of California in 1956), the Church of Scientology of Arizona was incorporated that same year. Hubbard's organization while he lived in Phoenix was the Hubbard Association of Scientologists, International (HASI), founded in Sep. 1952. All HASI assets were folded into the Church of Scientology of California in 1966.
  • 31:07 "Division 20" should have been "Department 20."
  • 32:43 "bad status" -- Scientology "conditions" are a scale, like the tone scale, that your "ethics" are in, which are positive or negative. For each condition there is a "conditions formula" you are supposed to apply to get to the next better condition. Those assigned to the RPF are put in a condition of "liability" (the rag on arm mentioned is a sign of the condition of liability). See: http://www.cs.cmu.edu/~dst/Library/Shelf/wakefield/us-11.html
  • 41:07 PIs following the Broekers--mainly Pat Broeker; after one apparent attempt to leave (described in Lawrence Wright's book, Going Clear), Annie Broeker remained in Scientology until her death. Tony Ortega describes the testimony of the two PIs, who spoke out for one day before their lawsuit with Scientology was settled: http://tonyortega.org/2012/11/29/scientologys-master-spies/
  • 43:22 Lawrence Wright's book says that "Int Base" and "Gold Base" are two different bases at the same location; "Int" being the international headquarters and "Gold" named after Golden Era Studios.
  • 1:05:35 "dog was drowned" -- Judge Swearinger's dog, Duke, a miniature collie, drowned; it's not certain that it "was drowned."
  • 1:07:10 "unable to attend uncle's funeral" -- Hubbard died on January 24, 1986; the Challenger explosion was January 28, 1986.
  • 1:17:43 St. Louis Ideal Org.  The pictured Masonic Temple is not the St. Louis Ideal Org, which is still under construction. (Thanks to ThetanBait on YouTube for this correction.)
  • Narconon's drug purification program involves vitamin (esp. niacin) megadoses, but "injections" is not correct.

Tuesday, January 01, 2013

Books read in 2012


Books read in 2012:
  • Scott Atran, In Gods We Trust: The Evolutionary Landscape of Religion
  • Andrew Blum, Tubes: A Journey to the Center of the Internet
  • Henry A. Crumpton, The Art of Intelligence: Lessons from a Life in the CIA's Clandestine Service
  • Robin Dreeke, It's Not All About "Me": The Top Ten Techniques for Building Quick Rapport with Anyone
  • David Edmonds and John Eidinow, Rousseau's Dog: Two Great Thinkers at War in the Age of Enlightenment
  • Bart D. Ehrman, Did Jesus Exist? The Historical Argument for Jesus of Nazareth
  • Misha Glenny, DarkMarket: How Hackers Became the New Mafia
  • Grant Foster, Noise: Lies, Damned Lies, and Denial of Global Warming
  • Torkel Franzén, Gödel's Theorem: An Incomplete Guide to Its Use and Abuse
  • Andy Greenberg, This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World's Information
  • James Hannam, God's Philosophers: How the Medieval World Laid the Foundations of Modern Science
  • Sam Harris, Lying
  • Joseph Heath, Economics Without Illusions: Debunking the Myths of Modern Capitalism
  • Edward Humes, Monkey Girl: Evolution, Education, Religion, and the Battle for America's Soul
  • Ronald Kessler, The Secrets of the FBI
  • Susan Landau, Surveillance or Security? The Risks Posed by New Wiretapping Technologies
  • Declan McHugh, Bloody London: A Shocking Guide to London's Gruesome Past and Present
  • Robert A. Melikian, Vanishing Phoenix
  • Mike McRae, Tribal Science: Brains, Beliefs, and Bad Ideas
  • P.T. Mistlberger, The Three Dangerous Magi: Osho, Gurdjieff, Crowley
  • Evgeny Morozov, The Net Delusion: The Dark Side of Internet Freedom
  • Eduardo Obregón Pagán, Historic Photos of Phoenix
  • Parmy Olson, We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
  • Bruce Schneier, Liars and Outliers: Enabling the Trust that Society Needs to Thrive
  • Ali H. Soufan, with Daniel Freedman, The Black Banners: The Inside Story of 9/11 and the War Against Al-Qaeda
  • Neal Stephenson, REAMDE
  • Cole Stryker, Epic Win for Anonymous: How 4chan's Army Conquered the Web
  • Tim Weiner, Enemies: A History of the FBI
  • Jon Winokur (compiler & editor), The Big Curmudgeon
  • Tim Wu, The Master Switch: The Rise and Fall of Information Empires
I made substantial progress on a few large books:
  • Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems (2nd ed)
  • Mark Dowd, John McDonald, and Justin Schuh, The Art of Software Security Assessment: Identifying and Avoiding Software Vulnerabilities
  • Steven Pinker, The Better Angels of Our Nature: Why Violence Has Declined
  • James C. Scott, Seeing Like a State: How Certain Schemes to Improve the Human Condition Have Failed
  • Michal Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications

(Previously: 2011, 2010, 2009, 2008, 2007, 2006, 2005.)