[BlueOnyx:26146] Re: BlueOnyx 5210R & 5211R: Two-Factor-Auth (2FA) - released

Michael Stauber mstauber at blueonyx.it
Sun Apr 23 22:12:19 -05 2023 

Hi all,

I just hit the "release" button and the YUM updates that add 
Two-Factor-Auth (2FA) to BlueOnyx 5210R and BlueOnyx 5211R are now 
available via YUM.

The URL below explains all the details and how it works:

https://www.blueonyx.it/auth

As requested by Taco Scargo I also provided the option that SSH Root 
Access can be configured with the option "Without Password". Which 
means: Root can only login by SSH via exchanged SSH keys - if this 
option is enabled.

These YUM updates also tackle a couple of other issues. Recently some 
users reported that after automatic YUM updates their CCEd hadn't been 
restarted. The issue for that has been identified and fixed on 5210R and 
5211R.

An updated BlueOnyx 5211R ISO image has also been released, which 
already contains all YUM updates as of today - including the 2FA 
addition. That iso also fixes some installer issues, such as the web 
based wizard potentially looping and claiming that either CCEd isn't 
running, or that the network hasn't been configured yet.

I also tried building an updated 5210R ISO, but hit a snag with that. As 
AlmaLinux 8.8 is about to be released soon, I'll wait until that ISO is 
out and will then try again, because as far as ISO building goes that'll 
be another major effort.


List of all code changes:

https://devel.blueonyx.it/trac/changeset?reponame=&new=4606%40%2F&old=4582%40%2F


What about BlueOnyx 5209R?

I'm now considering to add 2FA to BlueOnyx 5209R as well. Initially I 
said: Why bother? With the EOL of CentOS 7 and 5209R being June 2024 (14 
months from now) it might not be worth it. Then on the other hand: I 
think it might make it even more important. After all, there are still 
some EL6 based BlueOnyx running as of today (two years, five months 
after the EOL!) and I guess some 5209R will also be kept running far 
longer than they should be kept running. That's all the more reason to 
shore up their defense ahead of time.

So: I'll look into that as well, although with a lesser sense of urgency.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list