A road to two-factor auth for WHS

I love Windows Home Server very much, and recommend it constantly. I did a lot of research before settling on a backup solution and I can confidently say that WHS meets and exceeds all my requirements. What I wanted was centralized storage and backup, and what I ended up with was that in spades, plus a whole lot more besides.

One of my favorite features that I didn’t even know I needed is the remote access support in WHS. I can log on to my server remotely, download and upload files, view photo albums, and even make proxied remote desktop connections into my home pcs/mediacenter. BUT, this brings me to my main complaint about WHS. There is no built-in support for strong authentication. If I’m exposing all my data and machines to the internet at large, I want a lot more than a keyloggable password standing in the way.

So, I’m working on an add-in that will enable some two-factor auth models, and I will be recording my efforts here. My solution will revolve around introducing a model to enable requiring a one time password in addition to the remote access acount password, and initially I will be suppporting OTPs furnished by the yubikey token. The yubikey is a cheap hardware OTP token that uses all open source software in the backend.

I already have most of the prep-work done for this project, and am just waiting for my yubikeys to arrive. I’ll be detailing more of my solution as I go along, and I’ll be publishing this project on codeplex once I can do some concrete testing and stabilization, and I hope it will help the community improve authentication on the WHS platform.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: