this post was submitted on 02 Jan 2024
59 points (98.4% liked)

ubuntu 23.10

I can access my employer’s local network if I authenticate with a 2fa. They suggest proprietary software, but aegis authenticator (found in fdroid) works fine.

The thing is, the phone’s screen is too small and it’s very cumbersome to navigate the screen and to click. It’s so bad I don’t want to use it, because fonts are so small you cannot read anything. It’s like they didn’t even try to optimize the local network for devices.

However, if I could emulate this app on an ubuntu based computer, I’d use it. Can it be done?

top 23 comments
[–] [email protected] 43 points 10 months ago* (last edited 10 months ago) (1 children)

you can just use any other OTP application on Linux like https://gitlab.gnome.org/World/Authenticator or https://apps.kde.org/keysmith/, they all follow the same protocol
you can export your keys in Aegis and import them in most applications

[–] [email protected] 22 points 10 months ago (1 children)

Of course there is a KDE app that is feature-packed and beautiful and that no living being has heard of or known about.

[–] [email protected] 3 points 10 months ago

Hahahaha so true

[–] [email protected] 10 points 10 months ago* (last edited 10 months ago)

At a glance, it looks like Aegis generates standard TOTP tokens, which means there's a lot of software that can do the same thing, so you don't need to emulate Aegis. I use pass-otp (an extension to pass), but that's command-line-only, and a lot to deal with if you're not already using pass. From a quick search, it looks like Keysmith and OTPClient are decent graphical alternatives. From another quick search, OTPClient is available in Ubuntu 23.10.

Edit: Re-reading your post, your issue is that you don't like logging in on your phone, right? But Aegis just provides the code, you should be able to use the code from your phone to log in on your computer. TOTP codes are only affected by the secret values and the current time, so the code generated on your phone can be used on any device.

[–] [email protected] 6 points 10 months ago

You can also mirror your Android screen via Scrcpy https://github.com/Genymobile/scrcpy

Open Aegis, go to settings and then disable screen security. (Enabling screen security helps protect against malicious screen capturing by malware.)

From there, it will show your Aegis screen on your PC. It requires ADB access so it depends on if you have that installed or can install it. But the link can get you through that part. :)

[–] [email protected] 5 points 10 months ago

Otpclient can open Aegis exports directly.

[–] [email protected] 5 points 10 months ago* (last edited 10 months ago)

I don't understand the scenario here. Typically, you only need the TOTP (time-based one-time password) from your 2FA app, enter it on your computer, and you can use the computer to access your resources. The app itself is actually not even supposed to be on the same device, as an added layer of security.

It sounds like you need 2FA to run your company's VPN (is that correct?). On your computer, you would launch the VPN, it'll ask you for the TOTP (which you get from Aegis on your phone), and then you're logged in and able to access company resources (on your computer).

[–] [email protected] 4 points 10 months ago

Copy the totp seed from aegis and use something like keepassxc to generate the codes

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago)

https://github.com/marcopaganini/termotp is a CLI authenticator program with fuzzy find capabilities explicitly designed to work with Aegis export files.

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago)

There's nothing special, it can be replaced with any TOTP/HOTP implementation. In particular, oathtool is supplied in most distros (it has only a command-line interface; there are probably also some GUI tools in your repos). However, it does not support the JSON key format that is provided as a QR code for mobile 2FA apps. You have to copy and paste values from it manually.

However, this will likely violate your employer's security policy. The point of 2FA is that the secret key is stored on a separate device, so that it cannot be stolen together with your password.

I recommend trying other Android apps on your phone. I use FreeOTP+ and have no problems with font readability. Some of my colleagues use AndOTP and like it.

[–] [email protected] 3 points 10 months ago

I would recommend using a native 2fa app for Ubuntu. This answer https://askubuntu.com/a/1460646 recommends keepassxc, which is also a password manager that I personally use for passwords but I've not used its 2fa function. I also found this app https://gitlab.gnome.org/World/Authenticator

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (1 children)

my method for running Android apps on my distro is to run an Android 9.0-r2 VM on QEMU/KVM via virt-manager

maybe this might work for you?

here's a guide I found for setting up Virt-manager on Ubuntu

and here's a vid for setting up Android x86 on Virt-manager

  • not sure if this is the exact same vid I used but it should suffice

hope this works/fits your use case!

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago) (1 children)

Just use Waydroid instead: https://waydro.id, much lower overhead, however you need to mess with ARM emulation. For installing Google Apps and Device not Play certified: https://github.com/casualsnek/waydroid_script

More info: https://wiki.archlinux.org/title/Waydroid

[–] [email protected] 2 points 10 months ago

That's pretty neat! I didn't know about Waydroid till now

however you need to mess with ARM emulation.

not sure about Arch as I'm on NixOS now and the implementation seems to be straightforward but I'll keep an eye on your note if I do encounter issues

thanks!🤗

[–] [email protected] 3 points 10 months ago

As an IT Technician/Sysadmin I highly recommend you use the one your IT team told you to use. If you run into issues they'll be able to help, but not if you're using some obscure app they've never heard of.

[–] [email protected] 2 points 10 months ago

No actual answer, but I'd suggest reading your employer's computer use policy carefully - for me at least, sharing an OTP secret with an unauthorized application would be a pretty serious policy breach. Probably wouldn't get fired for it (unless it resulted in an actual breach) but would definitely get a "don't do that again" letter from HR.

[–] Grass 2 points 10 months ago

There are surely native totp apps for this on Linux and I haven't used Ubuntu in a million years but if you really want to do specifically this maybe waydroid.

[–] [email protected] 2 points 10 months ago

Firefox has 2FA extensions. Just remember that if both your authentications are on one device, you're not getting a huge security boost.

[–] [email protected] 2 points 10 months ago

You might be able to just run a native 2fa application like Authenticator.

Outside of that, Waydroid is an option.

[–] [email protected] 1 points 10 months ago

You can migrate all your keys to KeepassXC.

[–] [email protected] 1 points 10 months ago

This is why we can't have nice things.

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

I used to use KDE's Keysmith until I put all my OTP codes into bitwarden

[–] [email protected] 1 points 10 months ago

Just to add to the QEMU/KVM comment: you can also run an android emulator. The install process is a bit annoying (and contains too many "trust me bro" downloads from Google servers), but it is simple enough and you should be done in around 2h, modulo your uplink.

And at that point, using scrcpy actually helps with the keyboard input.