Two-factor authentication (TOTP) for FTP/SFTP protocol


Post by FTP »

The FTP/SFTP protocol is not suitable for two-factor authentication. If you really want to handle it with FTP/SFTP, you can add the following Lua script to the event "Domain > Event Manager > FTP/SSH Events > BeforeUserLoggedIn":

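```lua
-- Event script for BeforeUserLoggedIn: validates a "Password:OTPcode" login.
local domain = "%Domain"
local user = c_GetUser("%Domain", "%Name")
local checked = false

if user ~= nil then
  local temppass = "%Password"
  local hashpass = ""
  local arraypass = ""

  -- For 2FA users, split the submitted string into password and OTP code.
  if user.enable_two_factor == true and string.find(temppass, ":") then
    arraypass = Split(temppass, ":")
    temppass = arraypass[1]
  end

  -- Append the domain salt if password salting is enabled.
  if c_GetOptionInt(domain, DOPTION_ENABLE_PASS_SALTING) == 1 then
    local salt_string = c_GetOptionStr(domain, DOPTION_SALTING_STRING)
    temppass = temppass..salt_string
  end

  -- Hash the candidate password the same way the domain stores passwords.
  if c_GetOptionInt(domain, DOPTION_ENABLE_SHA256) == 1 then
    hashpass = sha2(temppass)
  else
    hashpass = md5(temppass)
  end

  -- The password must match; for 2FA users the current TOTP code must match too.
  -- If no ":" was supplied, arraypass[2] is nil and the comparison fails.
  if user.password == hashpass then
    checked = true
    if user.enable_two_factor == true then
      if c_TotpCode(user.two_factor_code) ~= arraypass[2] then
        checked = false
      end
    end
  end
end

-- Accept the login only if every check passed; otherwise cancel the event.
if checked == true then
  bSelfAuthenticated = true
else
  bCancelEvent = true
end
```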

The password for the login attempt should be "Password:OTPcode", like "xxyyzz:123456".
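An added example, not part of the original post and not the server's own code: the same "Password:OTPcode" check written in Python so it can be run offline, going slightly beyond the script by splitting on the last colon, comparing in constant time, and tolerating one time step of clock drift. The function names are hypothetical, and it assumes that `c_TotpCode` computes a standard RFC 6238 code and that the stored hash is hex SHA-256 of password plus salt.

```python
import base64, hashlib, hmac, struct, time

def totp(secret_b32, now, step=30, digits=6):
    """RFC 6238 code (HMAC-SHA1) for a base32 secret at Unix time `now`."""
    secret_b32 = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(secret_b32)
    counter = int(max(now, 0) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def split_credential(combined, digits=6):
    """Split on the LAST colon so a password may itself contain ':'."""
    password, sep, otp = combined.rpartition(":")
    if not sep or len(otp) != digits or not (otp.isascii() and otp.isdigit()):
        return None
    return password, otp

def verify_login(combined, stored_hash, secret_b32, now=None, salt="", window=1):
    """True only if the password hash and a code within +/- `window` steps match."""
    parts = split_credential(combined)
    if parts is None:
        return False
    password, otp = parts
    now = time.time() if now is None else now
    # Assumption: the stored hash is hex SHA-256 of password + salt.
    digest = hashlib.sha256((password + salt).encode()).hexdigest()
    pass_ok = hmac.compare_digest(digest, stored_hash.lower())
    otp_ok = False
    for drift in range(-window, window + 1):  # tolerate client clock drift
        otp_ok |= hmac.compare_digest(totp(secret_b32, now + drift * 30), otp)
    return pass_ok and otp_ok

if __name__ == "__main__":
    # Constructed sample: RFC 6238 test secret "12345678901234567890" in base32.
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    stored = hashlib.sha256(b"xx:yy").hexdigest()
    print(verify_login("xx:yy:287082", stored, secret, now=59))
    print(verify_login("xx:yy:000000", stored, secret, now=59))
```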