Opening access to your servers means a lot of people will try to hack your system. Shell in a box authenticates the user, however the GUI does not have any authentication. Hence I want to add some authentication with little effort. I want to use htpasswd. But I want to use 2-factor authentication. The first step of authentication will be OTP, and the second step will be performed by ssh.
After some searching (it was very easy), I found the mod_authn_otp project. I compiled it and deployed it on my server. For configuration, you only need a few very simple directives in the Apache config:
    AuthType basic
    AuthName "OTP Auth"
    AuthBasicProvider OTP
    Require valid-user
    OTPAuthUsersFile /path/you/want/otp.secrets
I configured the otp.secrets file for use with Google Authenticator. An example follows.
    HOTP/T30 <username> - <secret>
To create the secret and the mobile configuration I used the PHPGangsta/GoogleAuthenticator project.
Then restart Apache to apply the configuration.
PS: Do not forget to add the LoadModule directive to your httpd.conf.
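The same shared key has to appear in two encodings: in otp.secrets and in the phone app. The following sketch is an added example, not code from this post, from mod_authn_otp or from PHPGangsta/GoogleAuthenticator; it assumes the users file takes the key as hex and the app takes it as unpadded base32, and the user name "alice" and the issuer label are constructed.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote


def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the variant Google Authenticator uses."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def enrollment(username: str, key: bytes, issuer: str = "OTP Auth"):
    """Return (users-file line, otpauth URI) for one shared key."""
    # Assumption: mod_authn_otp reads the key as hex; "-" means no PIN.
    users_line = f"HOTP/T30 {username} - {key.hex()}"
    # The phone app expects the same key base32-encoded, without padding.
    b32 = base64.b32encode(key).decode().rstrip("=")
    uri = (f"otpauth://totp/{quote(issuer)}:{quote(username)}"
           f"?secret={b32}&issuer={quote(issuer)}&period=30&digits=6")
    return users_line, uri


if __name__ == "__main__":
    key = secrets.token_bytes(20)          # 160-bit key from the OS CSPRNG
    line, uri = enrollment("alice", key)   # "alice" is a constructed user
    print(line)   # append to the OTPAuthUsersFile
    print(uri)    # render as a QR code, or type the secret into the app
    # Compare with the code the phone shows before relying on the setup.
    print("current code:", totp(key, time.time()))
```

otp.secrets holds every user's key, so keep it accessible only to the account Apache runs as.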