{"id":146,"date":"2011-02-19T11:21:38","date_gmt":"2011-02-19T16:21:38","guid":{"rendered":"http:\/\/rud.is\/b\/?p=146"},"modified":"2017-03-27T08:59:57","modified_gmt":"2017-03-27T13:59:57","slug":"securing-su-with-google-authenticator","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/","title":{"rendered":"Securing ‘su’ with Google Authenticator"},"content":{"rendered":"

Google’s new do-it-yourself two-factor authentication<\/a> (Google Authenticator) enables you to setup stronger logins on your linux system. Nick Wilkens (@nwilkens) has a good\/quick tutorial<\/a> up on his company’s blog for acquiring, compiling and setting up Google Authenticator for ssh<\/span> sessions.<\/p>\n

\n

NOTE<\/strong>: On the Ubuntu VPS I was doing testing on, I had to add the libpam0g-dev <\/span>& libpam0g<\/span> packages to get Google Authenticator to work.<\/p>\n<\/blockquote>\n

I’m pointing out the obvious (if you’ve read either Google’s link or the tutorial), but the Authenticator comes with a PAM<\/span> (pluggable authentication module) library that literally just drops into any pam<\/span> configuration file. This means you aren’t limited to the ssh<\/span> integration, which opens up many possibilities (one of which is mod_auth_pam<\/a><\/span> for Apache which I haven’t tried yet).<\/p>\n

I would argue that there is limited value from the ssh<\/span> integration as most folks probably have certificate login enabled. However, one area that I can see being of interest is in securing use of su<\/span> to\u00a0root<\/span>. If you have more control over who has the ability to perform full privilege escalation, your system is that much less at risk from being usurped or accidentally broken (there’s actually a whole company<\/a> built around that concept).<\/p>\n

Detractors will point out that VPS setups would still be at risk from hosting admins having virtual disk image access and may further point out that even a locked cage in a hosting data center can be bolt-cut, but \u00a0I would argue that the whole point of engaging in such a pursuit would be to reduce<\/strong> risk to your environment (not eliminate<\/em> risk).<\/p>\n

I will<\/em> say that securing root su<\/span> with two-factor authentication while doing nothing to secure sudo<\/span> is pretty much pointless. If you have no restrictions on sudo<\/span>, anyone who gains control of an account that is allowed to sudo<\/span> with superuser privileges will be able to bypass your two-factor su config (and could compromise the integrity of your system even without root su<\/span> access). Also, if you have more than one user who needs access to root su<\/span>, you will be sharing the authenticator setup with them.<\/p>\n

I still believe this is a worthwhile exercise even with those caveats, especially since it’s so simple to setup\/teardown. After getting the Google Authenticator installed, issue google-authenticator<\/span> from your root<\/span> account. Transcribe and secure the QR code URL, secret key, verification code and emergency scratch codes in the event you have problems with you digital authenticator app (I keep the scratch codes on a small piece of paper that is always with me and stored securely at home as well).<\/p>\n

Use manual input or the QR code scan to add the account to your authenticator app and then make the following addition to the \/etc\/pam\/su<\/span> config file:<\/p>\n

[sourcecode language=”text” light=”true”]
\nauth required pam_google_authenticator.so
\n[\/sourcecode]<\/div>\n

I have mine before all the session configs.<\/p>\n

When you issue your “su –<\/span>” command you will be prompted for both the code and the root<\/span> password:<\/p>\n

[sourcecode language=”text” light=”true”]
\n$ su –
\nVerification code:
\nPassword:
\n[\/sourcecode]<\/div>\n

I’ll be experimenting with integrating Google Authenticator with various administrative login systems (e.g. WordPress, Drupal) and maybe even as a generic auth module for various web app frameworks and would be interested in any other uses you have for Google Authenticator<\/p>\n","protected":false},"excerpt":{"rendered":"

Google’s new do-it-yourself two-factor authentication (Google Authenticator) enables you to setup stronger logins on your linux system. Nick Wilkens (@nwilkens) has a good\/quick tutorial up on his company’s blog for acquiring, compiling and setting up Google Authenticator for ssh sessions. NOTE: On the Ubuntu VPS I was doing testing on, I had to add the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[49,3,13,14],"tags":[251,256,244,257,220,248,245,247,249,253,252,250,255,254,737,246],"class_list":["post-146","post","type-post","status-publish","format-standard","hentry","category-authentication","category-information-security","category-linux","category-ubuntu","tag-authenticator","tag-cryptographic-protocols","tag-google","tag-identity-management-systems","tag-internet-protocols","tag-linux-system","tag-login-systems","tag-nick-wilkens","tag-secret-key","tag-secure-shell","tag-su","tag-sudo","tag-system-administration","tag-two-factor-authentication","tag-ubuntu","tag-web-app-frameworks"],"yoast_head":"\nSecuring 'su' with Google Authenticator - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing 'su' with Google Authenticator - rud.is\" \/>\n<meta property=\"og:description\" content=\"Google’s new do-it-yourself two-factor authentication (Google Authenticator) enables you to setup stronger logins on your linux system. Nick Wilkens (@nwilkens) has a good\/quick tutorial up on his company’s blog for acquiring, compiling and setting up Google Authenticator for ssh sessions. NOTE: On the Ubuntu VPS I was doing testing on, I had to add the […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2011-02-19T16:21:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-03-27T13:59:57+00:00\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"Securing ‘su’ with Google Authenticator\",\"datePublished\":\"2011-02-19T16:21:38+00:00\",\"dateModified\":\"2017-03-27T13:59:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/\"},\"wordCount\":573,\"commentCount\":3,\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"keywords\":[\"Authenticator\",\"Cryptographic protocols\",\"Google\",\"Identity management systems\",\"Internet protocols\",\"linux system\",\"login systems\",\"Nick Wilkens\",\"secret key\",\"Secure Shell\",\"Su\",\"Sudo\",\"System administration\",\"Two-factor authentication\",\"Ubuntu\",\"web app frameworks\"],\"articleSection\":[\"Authentication\",\"Information Security\",\"Linux\",\"Ubuntu\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/\",\"url\":\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/\",\"name\":\"Securing 'su' with Google Authenticator - rud.is\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/#website\"},\"datePublished\":\"2011-02-19T16:21:38+00:00\",\"dateModified\":\"2017-03-27T13:59:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/rud.is\/b\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing ‘su’ with Google Authenticator\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/rud.is\/b\/#website\",\"url\":\"https:\/\/rud.is\/b\/\",\"name\":\"rud.is\",\"description\":\""In God we trust. All others must bring data"\",\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/rud.is\/b\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\/\/rud.is\"],\"url\":\"https:\/\/rud.is\/b\/author\/hrbrmstr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing 'su' with Google Authenticator - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/","og_locale":"en_US","og_type":"article","og_title":"Securing 'su' with Google Authenticator - rud.is","og_description":"Google’s new do-it-yourself two-factor authentication (Google Authenticator) enables you to setup stronger logins on your linux system. Nick Wilkens (@nwilkens) has a good\/quick tutorial up on his company’s blog for acquiring, compiling and setting up Google Authenticator for ssh sessions. NOTE: On the Ubuntu VPS I was doing testing on, I had to add the […]","og_url":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/","og_site_name":"rud.is","article_published_time":"2011-02-19T16:21:38+00:00","article_modified_time":"2017-03-27T13:59:57+00:00","author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"Securing ‘su’ with Google Authenticator","datePublished":"2011-02-19T16:21:38+00:00","dateModified":"2017-03-27T13:59:57+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/"},"wordCount":573,"commentCount":3,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"keywords":["Authenticator","Cryptographic protocols","Google","Identity management systems","Internet protocols","linux system","login systems","Nick Wilkens","secret key","Secure Shell","Su","Sudo","System administration","Two-factor authentication","Ubuntu","web app frameworks"],"articleSection":["Authentication","Information Security","Linux","Ubuntu"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/","url":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/","name":"Securing 'su' with Google Authenticator - rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"datePublished":"2011-02-19T16:21:38+00:00","dateModified":"2017-03-27T13:59:57+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2011\/02\/19\/securing-su-with-google-authenticator\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"Securing ‘su’ with Google Authenticator"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":""In God we trust. All others must bring data"","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-2m","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":22211,"url":"https:\/\/rud.is\/b\/2024\/08\/26\/reading-pcap-files-directly-with-duckdb\/","url_meta":{"origin":146,"position":0},"title":"Reading PCAP Files (Directly) With DuckDB","author":"hrbrmstr","date":"2024-08-26","format":false,"excerpt":"2024-08-30 UPDATE: Binary versions of this extension are available for amd64 Linux (linux_amd64 & linux_amd64_gcc4) and Apple Silicon. (osx_arm64). $ duckdb -unsigned v1.0.0 1f98600c2c Enter \".help\" for usage hints. Connected to a transient in-memory database. Use \".open FILENAME\" to reopen on a persistent database. D SET custom_extension_repository='https:\/\/w3c2.c20.e2-5.dev\/ppcap\/latest'; D INSTALL ppcap;\u2026","rel":"","context":"In "duckdb"","block_context":{"text":"duckdb","link":"https:\/\/rud.is\/b\/category\/duckdb\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12718,"url":"https:\/\/rud.is\/b\/2020\/04\/01\/uaparserjs-updated-on-cran-using-webpack-to-make-v8-application-bundles\/","url_meta":{"origin":146,"position":1},"title":"{uaparserjs} Updated on CRAN & Using webpack to Make {V8} Application Bundles","author":"hrbrmstr","date":"2020-04-01","format":false,"excerpt":"Just a quick note that thanks to a gentle nudge an updated version of {uaparser} --- a package that processes User Agent strings web clients send to servers --- is making its way to all the CRAN mirrors and is also available on CINC. The most significant change is a\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11369,"url":"https:\/\/rud.is\/b\/2018\/08\/11\/connecting-apache-zeppelin-and-apache-drill-postgresql-etc\/","url_meta":{"origin":146,"position":2},"title":"Connecting Apache Zeppelin and Apache Drill, PostgreSQL, etc.","author":"hrbrmstr","date":"2018-08-11","format":false,"excerpt":"A previous post showed how to use a different authentication provider to wire up Apache Zeppelin and Amazon Athena. As noted in that post, Zeppelin is a \"notebook\" alternative to Jupyter (and other) notebooks. Unlike Jupyter, I can tolerate Zeppelin and it's got some nifty features like plug-and-play JDBC access.\u2026","rel":"","context":"In "Apache Drill"","block_context":{"text":"Apache Drill","link":"https:\/\/rud.is\/b\/category\/apache-drill\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/08\/z-drill-2.png?fit=1200%2C542&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/08\/z-drill-2.png?fit=1200%2C542&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/08\/z-drill-2.png?fit=1200%2C542&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/08\/z-drill-2.png?fit=1200%2C542&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2018\/08\/z-drill-2.png?fit=1200%2C542&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":690,"url":"https:\/\/rud.is\/b\/2011\/12\/18\/an-open-letter-to-it-vendors-for-2012\/","url_meta":{"origin":146,"position":3},"title":"An Open Letter to IT Vendors For 2012","author":"hrbrmstr","date":"2011-12-18","format":false,"excerpt":"Dear $VENDOR, 2012 is nigh upon us and with the new year, I am throwing down a challenge to each and every IT vendor out there. 2011 was a brutal year of incidents, breaches, outages and FUD and the last thing anyone needs is a repeat performance. Instead, please take\u2026","rel":"","context":"In "Information Security"","block_context":{"text":"Information Security","link":"https:\/\/rud.is\/b\/category\/information-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5131,"url":"https:\/\/rud.is\/b\/2017\/03\/10\/making-a-case-for-case_when\/","url_meta":{"origin":146,"position":4},"title":"Making a Case for case_when","author":"hrbrmstr","date":"2017-03-10","format":false,"excerpt":"This is a brief (and likely obvious, for some folks) post on the dplyr::case_when() function. Part of my work-work is dealing with data from internet scans. When we're performing a deeper inspection of a particular internet protocol or service we try to capture as much system and service metadata as\u2026","rel":"","context":"In "dplyr"","block_context":{"text":"dplyr","link":"https:\/\/rud.is\/b\/category\/dplyr\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/03\/Cursor_and_RStudio.png?fit=1200%2C464&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/03\/Cursor_and_RStudio.png?fit=1200%2C464&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/03\/Cursor_and_RStudio.png?fit=1200%2C464&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/03\/Cursor_and_RStudio.png?fit=1200%2C464&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2017\/03\/Cursor_and_RStudio.png?fit=1200%2C464&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":5954,"url":"https:\/\/rud.is\/b\/2017\/05\/16\/r%e2%81%b6-using-r-with-amazon-athena-awas-temporary-security-credentials\/","url_meta":{"origin":146,"position":5},"title":"R\u2076 \u2014 Using R With Amazon Athena & AWS Temporary Security Credentials","author":"hrbrmstr","date":"2017-05-16","format":false,"excerpt":"Most of the examples of working with most of the AWS services show basic username & password authentication. That's all well-and-good, but many shops use the AWS Security Token Service to provide temporary credentials and session tokens to limit exposure and provide more uniform multi-factor authentication. At my workplace, Frank\u2026","rel":"","context":"In "R"","block_context":{"text":"R","link":"https:\/\/rud.is\/b\/category\/r\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=146"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/146\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}