Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-12-27 00:09:26 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'jschaul-patch-1'

Browse Source
This commit is contained in:
Andrew David Wong 2019-10-13 20:12:48 -05:00
commit a2420822c3
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
external/security-guides/multifactor-authentication.md vendored
View File

@ -67,26 +67,29 @@ Optional Preparation Steps
[minimal Fedora template][FedoraMinimal]. Get it if you haven't already done [minimal Fedora template][FedoraMinimal]. Get it if you haven't already done
so: so:
[user@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-26-minimal [user@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-30-minimal
2. Since we'll be making some modifications, you may want to clone the minimal 2. Since we'll be making some modifications, you may want to clone the minimal
template: template:
[user@dom0 ~]$ qvm-clone fedora-26-minimal fedora-26-min-mfa [user@dom0 ~]$ qvm-clone fedora-30-minimal fedora-30-min-mfa
3. To open a root shell on the minimal template (for details, see [Passwordless Root]), run the following command:
3. Since this is going to be a minimal environment in which we run `oathtool` [user@dom0 ~]$ qvm-run -u root fedora-30-min-mfa xterm
4. Since this is going to be a minimal environment in which we run `oathtool`
from the command line, we'll install only a couple of packages: from the command line, we'll install only a couple of packages:
[user@fedora-26-min-mfa ~]$ su - [root@fedora-30-min-mfa ~]# dnf install oathtool vim-minimal
[user@fedora-26-min-mfa ~]# dnf install oathtool vim-minimal [root@fedora-30-min-mfa ~]$ poweroff
[user@fedora-26-min-mfa ~]$ poweroff
4. Create an AppVM and set it to use the TemplateVM we just created: 5. Create an AppVM and set it to use the TemplateVM we just created:
[user@dom0 ~]$ qvm-create -l black mfa [user@dom0 ~]$ qvm-create -l black mfa
[user@dom0 ~]$ qvm-prefs -s mfa template fedora-26-min-mfa [user@dom0 ~]$ qvm-prefs -s mfa template fedora-30-min-mfa
5. Isolate the new AppVM from the network: 6. Isolate the new AppVM from the network:
[user@dom0 ~]$ qvm-prefs -s mfa netvm none [user@dom0 ~]$ qvm-prefs -s mfa netvm none
@ -135,7 +138,7 @@ is largely the same.
[user@mfa ~]$ > google [user@mfa ~]$ > google
[user@mfa ~]$ vi google [user@mfa ~]$ vi google
#!/bin/bash #!/usr/bin/env bash
##My Google Account ##My Google Account
##me@gmail.com ##me@gmail.com
oathtool --base32 --totp "xd2n mx5t ekg6 h6bi u74d 745k n4m7 zy3x" oathtool --base32 --totp "xd2n mx5t ekg6 h6bi u74d 745k n4m7 zy3x"
@ -184,3 +187,4 @@ is largely the same.
[Google Authenticator]: https://en.wikipedia.org/wiki/Google_Authenticator [Google Authenticator]: https://en.wikipedia.org/wiki/Google_Authenticator
[FedoraMinimal]: /doc/Templates/FedoraMinimal/ [FedoraMinimal]: /doc/Templates/FedoraMinimal/
[usage]: https://en.wikipedia.org/wiki/Google_Authenticator#Usage [usage]: https://en.wikipedia.org/wiki/Google_Authenticator#Usage
[Passwordless Root]: /doc/templates/minimal/#passwordless-root