Topic: Daily password change, for users and/or root/admin.

[HomePlayer]

Daily password change, for users and/or root/admin.
   Why you ask.
Well not only I but also my colleges are login in from different places. From different systems. I think of keyloggers and password sniffers.


I would like to create a cronjob that runs every night at 00:00hour

This script should compose the password whit the following format;

1.   ‘ab’ = current day (number 01/31)
2.   ‘cc’ = current day (mo,th,we,th,vr,sa,so) or so
3.   ‘user a’ = 1111
         ‘user b’ = 2222
         Admin/root
         Etc

Whit those strings composing a password for every user

Something like this for ‘user a’ ;
Today date = Monday 16th
His personal string = 1111

7 characters are needed
 Lets say ever second using the shift
(So if the password was 2222222 this would become 2@2@2@2)

1.   So lets take the firs 2 character from his personal string. -1! (second character using shift)
2.   the second character of the day – 1!6
3.   current day ‘cc’ – 1!6Mo
4.   the last 2 character from his personal string – 1!6Mo!1
5.   the first character of the day 1!6Mo!1!

so tomorrow this password would be 1!7Di!1!

Off Corse this is just a thought, we could make this more difficult.

--EDIT mode--

since sending a SMS isn't that hars any more.
https://myaccount.voipbuster.com/clx/sendsms.php?username=xxxxxxxxxx​ &password=xxxxxxxxxx&from=xxxxxxxxxx&to=xxxxxxxxxx&text=xxxxxxxxxx

this could als so be done send a random code/string to the user

Further more I would like to limit a the https and VPN connections per user/admin to 1,
Now it is possible to connect whit VPN as many times according to the settings in the server-manager “Number of PPTP clients”
I would like to know how I can configure that a user can login only once.

 

[cactus]

Daily password change, for users and/or root/admin.
   Why you ask.
Well not only I but also my colleges are login in from different places. From different systems. I think of keyloggers and password sniffers.

I think you are being way to worried about safety...

I would like to create a cronjob that runs every night at 00:00hour

This script should compose the password whit the following format;

1.   ‘ab’ = current day (number 01/31)
2.   ‘cc’ = current day (mo,th,we,th,vr,sa,so) or so
3.   ‘user a’ = 1111
         ‘user b’ = 2222
         Admin/root
         Etc

... and have chosen for a wrong method that makes you feel save, but in fact not really is.

If you setup VPN properly, using certficates (with a password) you make the user member of the local domain and use an encrypted connection that can only be established if the user has the correct certficate, matching the complement at the server, and the proper password.
If you choose strong passwords, you are better of than generating passwords with logic like you describe above (only 10e7 possibilities using digits), or even much stronger. Any logic, or lack of randomness, defeats the purpose.

With VPN the user seems to be local to the network and does not have to think about his password every day. Remember that if a user can recreate the password for that day, using plain logic, a brute force attack by a computer or bot would not be that hard, especially if multiple succesive password are obtained useing mentioned keylogger.

For starters have a look at this page on setting up Private-Public keys SSH access as well as setting up VPN on your server, this information is in the wiki as well:

• SME Server Administration Manual on VPN
• Practical tips on VPN