Have you considered doing client cert instead? It sounds like it may be less work.

> On Feb 12, 2019, at 2:25 AM, Michael Christopher Robinson
> <[email protected]> wrote:
>
> So SMS isn't that secure... I figured as much. I'm thinking I can
> inexpensively add GPS equipment to Linux laptops and desktops so that
> in theory I should be able to send my GPS coordinates to the server.
> If the server receives acceptable GPS coordinates and a valid client
> identifier from the client securely... that can be the trigger to
> allow access to rainloop and effectively thwart dictionary attackers.
> There are Android and iOS apps that allow ssh, but I'm wanting scp and
> scp only I think. Can JavaScript trigger a secure data exchange
> between the client and the server? How do I dynamically program Apache
> to only allow pre authorized source IP addresses to access rainloop?
> The IP list should self prune within reason because the trusted client
> devices are not always using the same IP address. When you try to go
> to https://goose.robinson-west.com, you should either get an identify
> yourself page or rainloop depending on whether or not I trust you yet.
> I'm thinking the identify yourself page needs to get you the client to
> send the GPS coordinates and the secret key if you have it in a
> secure manner. If the secret key matches for an accepted device and
> the GPS coordinates land in an acceptable geographic region for that
> device, you are golden. Whether I need a special security service that
> I write or I need ECMAScript is not clear.
>
> I envision a server having a range of GPS coordinates it can accept,
> and a list of 256 digit numbers it trusts. For example, I know I'm
> going to be inside the US, so I allow GPS coordinates that land within
> US territory. Not sure how to accomplish this though... If I choose
> to travel to Canada, how do I allow for that???
>
> Of primary importance is getting a pre determined client identifier
> from client to server securely, I can always add on GPS coordinates
> later.
>
> With Apache the common thing is to allow all clients or require all
> granted I believe. I want something like require all listed or
> redirect all not listed instead.
>
> -- Michael C. Robinson
>
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug

--
Louis Kowolowski [email protected]
Cryptomonkeys: http://www.cryptomonkeys.com/

Making life more interesting for people since 1977
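
The client-certificate approach suggested in the reply, sketched as an Apache 2.4 mod_ssl virtual host that serves rainloop only to devices holding a certificate from a private CA and shows everyone else an "identify yourself" page. This is an added example, not configuration from the thread or from either poster; the file paths, the per-device CA and the `/identify.html` page are assumptions.

```apache
# Added example. All paths and /identify.html are hypothetical.
<VirtualHost *:443>
    ServerName goose.robinson-west.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # Private CA that signs one certificate per trusted device.
    # The device's private key takes the place of the "secret key":
    # it is proven in the TLS handshake and never sent to the server.
    SSLCACertificateFile  /etc/ssl/example/device-ca.crt

    # CRL listing lost or retired devices; revoking a certificate
    # removes a device without touching the others.
    SSLCARevocationFile   /etc/ssl/example/device-ca.crl
    SSLCARevocationCheck  leaf

    # Request a certificate but complete the handshake without one,
    # so unlisted clients get a page instead of a TLS failure.
    # Set at virtual-host level so no renegotiation is needed.
    SSLVerifyClient optional
    SSLVerifyDepth  1

    DocumentRoot /var/www/rainloop

    <Directory "/var/www/rainloop">
        # "Require all listed": only clients whose certificate
        # verified against the device CA are allowed in.
        Require ssl-verify-client
        # "Redirect all not listed": the 403 is served as this page.
        ErrorDocument 403 /identify.html
    </Directory>

    # The identify-yourself page itself needs no certificate.
    <Location "/identify.html">
        Require all granted
    </Location>
</VirtualHost>
```

Because access follows the certificate rather than the source address, there is no IP list to maintain or prune when a trusted device changes networks.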
