Use push on mobile for 2FA

Search…
Use the Pushover app to receive one-time tokens
Use push messages for 2FA
RPort supports sending one-time tokens to mobile phones via Pushover. Pushover is a very tiny and versatile app available for Android and IOS.
By creating a custom script you can send the token via any delivery method. This enables you to use Telegram or other messengers too. Learn more.
You can use the app free for 30 days and after that trial it costs ~€6,00. This is a one-time payment. Receiving messages is free. 
Install the app on your mobile and create your account. Or go to pushover and create your account there. Each person who wants to receive tokens on the mobile need its own Pushover account.
With a Pushover account, you are allowed to receive and to send messages. Only receiving is enabled by default. To set up the 2FA you need to enable sending too. This must be done only by one person, typically the main administrator of the RPort server. 
Create your account and generate a token
Go to https://pushover.net and log in to your account (top-right corner). The credentials are the same on the mobile and on the web. 
Scroll down to "Your Applications" and create a "new application/API Token". This enables sending messages.
Enable message sending by creating an application
Enter RPort as the name of the application and confirm the terms. A token is displayed. This is your sender token. 
Your token for sending messages
You now have
1.
a user key, that is for receiving messages
2.
And an application API token, that is for sending messages.
Test your key and token
Log in to your rport server via SSH and execute the following test command. You should receive a push message almost instantly on your mobile.
1
API_TOKEN=<APPLICATION_API_TOKEN>
2
USER_KEY=<YOUR_PERSONAL_KEY>
3
curl -s \
4
  --form-string "token=${API_TOKEN}" \
5
  --form-string "user=${USER_KEY}" \
6
  --form-string "message=hello world" \
7
  --form-string "title=Just a test" \
8
  https://api.pushover.net/1/messages.json
Copied!
If the test message was sent successfully, proceed to the next step. If not, double-check you are using the right key and token.
Activate 2FA on the rport server
Open the configuration file /etc/rport/rportd.conf with an editor. Scroll down to the where two-factor is configured, and add the following lines.
1
two_fa_token_delivery = 'pushover'
2
two_fa_token_ttl_seconds = 600
Copied!
Scroll further down to the [pushover] section and enter your API token and one user key. Restart the rport server with systemctl restart rportd.
The user key is only used to verify the pushover connection on server start. No messages will be sent to this user key. User keys for sending the one-time token are configured per user. Entering the key of one user is harmless because the key doesn't provide access to the user account or any other personal data.
If the server refuses to start, execute the following command to see what's going wrong.
1
su - rport -s /bin/bash -c "rportd -c /etc/rport/rportd.conf"
Copied!
Update the database
If the server is running after you made the above changes – check with systemctl status rportd – enter at least one pushover user key to the database.
1
DB_FILE=/var/lib/rport/user-auth.db
2
USER_KEY=<YOUR_KEY>
3
cat <<EOF|sqlite3 $DB_FILE
4
UPDATE users SET two_fa_send_to="$USER_KEY" WHERE username="admin";
5
EOF
Copied!
This will update the user key of the user admin. The keys of all other users can be updated via the web UI. Changing the database doesn't require a server restart.
Try to log in with your username and password. A message "Verify it's you" should appear, and your mobile should ring.
Token sent to your mobile.
​
Enable two factor authentication
Connecting Clients
Last modified 2mo ago
Export as PDF
Copy link