Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2FA #1078

Closed
indomitorum opened this issue Oct 27, 2021 · 8 comments
Closed

2FA #1078

indomitorum opened this issue Oct 27, 2021 · 8 comments

Comments

@indomitorum
Copy link

Is 2FA something Umbrel is working on?. It certainly lacks more security as access to your node by a bad actor can drain your funds.
@dsbaars
Copy link

dsbaars commented Nov 13, 2021

This is already mentioned in issue #985 but adding this as a separate issue might help in actually building this feature.

@indomitorum
Copy link
Author

After the recent events. I do think that this is a priority even if Umbrel doesn't as I have been told recently.

@dsbaars
Copy link

dsbaars commented Nov 18, 2021

I finished building this functionality yesterday.

  • It works with every Google Authenticator-compatible TOTP app.
  • It adds extra security to the Umbrel dashboard, which is also exposed over Tor.
  • It is optional to use.
20211117-2fa-demo.mp4

I'm already using it on my Umbrel mainnet environment as well, my only concern is that the user.json needs a manually addition at this moment. I can't seem to find any migration hooks in the update scripts, or am I missing something here?

@AaronDewes
Copy link
Contributor

Can you share some code? What exactly is required to be added to user.json manually during the update script?

@mayankchhabra
Copy link
Member

mayankchhabra commented Nov 18, 2021
edited
Loading

That looks very well done! Great job, @dsbaars. Thanks for taking this on!

Migration code to update user.json can be added to scripts/update/01-run.sh which will be automatically executed on the next OTA update. See for example this piece of code that stripped Lightning Terminal's password in the last OTA update:

umbrel/scripts/update/01-run.sh

Lines 239 to 244 in dae920c

# Handle stripping hardcoded password for lightning-terminal app
lightning_terminal_conf="${UMBREL_ROOT}/app-data/lightning-terminal/data/.lit/lit.conf"
if [[ -f "${lightning_terminal_conf}" ]]; then
echo "Found lightning-terminal install, attempting to strip hardcoded password..."
sed -i 's/uipassword=moneyprintergobrrr//' "${lightning_terminal_conf}"
fi

@dsbaars
Copy link

dsbaars commented Nov 18, 2021

Can you share some code? What exactly is required to be added to user.json manually during the update script?

Here is the code:
@dsbaars/umbrel-manager#feature/2fa
@dsbaars/umbrel-dashboard#feature/2fa

Two keys need to be added to user.json:

{
  "totpKey": "",
  "totpEnabled": false
}

This was referenced Nov 18, 2021
Closed
Closed
@Dar1Theory
Copy link

Ok, I've downloaded 4.9. I didn't turn on 2fa on either node. However, one node works (no 2fa) the other is asking for my 2fa (which obviously I don't have since I didn't set it up).
Please tell me what conf or json contains the "turn 2fa off" switch?

@nmfretz
Copy link
Collaborator

nmfretz commented May 29, 2023

Closed by:
getumbrel/umbrel-manager#112
getumbrel/umbrel-manager#112

@nmfretz nmfretz closed this as completed May 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@dsbaars @mayankchhabra @AaronDewes @nmfretz @Dar1Theory @indomitorum