MeshCentral2 - Let's Encrypt & Security Improvements
- GreenLock v3 support. MeshCentral has built-in support for getting and auto-renewing TLS certificates using Let's Encrypt, which is a free CA service for web servers. Let's Encrypt updated its validation protocol and is dropping support for the old protocol on December 1st, requiring that everyone move to the new version. In the last week MeshCentral switched to using GreenLock v3 and made improvements. For example, MeshCentral will first try to get a Let's Encrypt staging certificate to test that everything is working before getting a production one.
- Invalid Login Rate Throttling. When a server is exposed to the Internet, attackers can spam it with login requests. To guard against this, MeshCentral now implements a system where, if many bad login attempts are made, the source IP address is banned for a period of time, blocking any login attempts from it. These values are configurable.
- Invalid Login Events & Notification. Bad login attempts are now logged, and the next time a user logs in, they will get a notification of how many invalid login attempts were made against their account. This includes attempts with a bad password and attempts with a bad 2nd factor.
- MeshCommander Support for 2nd Factor Auth. When MeshCommander connects to a MeshCentral server, the latest version will now prompt for the 2nd factor token if required by the server. This allows MeshCommander to correctly log in to accounts with two-factor authentication enabled.
- Improved MeshCentral Tracing Support. In order to help the community debug issues, there is now an improved tracing system that lets you select which events you are interested in and where you want to see them. You can now log selected events to a file in addition to looking at events in real time on the web interface.
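
One way to implement the invalid-login throttling and the per-account failure count described in the list above, as an added example that is not MeshCentral's own code. The class name, method names and limit values are assumptions chosen for illustration.

```javascript
// Added illustration, not MeshCentral code. All names and limits are assumptions.
const DEFAULT_LIMITS = { windowMs: 10 * 60 * 1000, maxFailures: 10, banMs: 10 * 60 * 1000 };

class LoginThrottle {
  constructor(limits = DEFAULT_LIMITS) {
    this.limits = limits;
    this.failuresByIp = new Map();  // ip -> timestamps of recent failures
    this.bannedUntil = new Map();   // ip -> time (ms) at which the ban expires
    this.pendingByUser = new Map(); // user -> failures since the last good login
  }

  // Check before touching credentials, so a banned address costs almost nothing.
  // Behind a reverse proxy, `ip` must be the real client address, not the proxy's.
  isBanned(ip, now = Date.now()) {
    const until = this.bannedUntil.get(ip);
    if (until === undefined) return false;
    if (now < until) return true;
    this.bannedUntil.delete(ip); // ban has expired
    return false;
  }

  // Call for a bad password or a bad second-factor token.
  // Pass `user` only when the account exists, so unknown names do not grow the map.
  // Returns true when this failure pushes the address over the limit.
  recordFailure(ip, user, now = Date.now()) {
    const recent = (this.failuresByIp.get(ip) || [])
      .filter((t) => now - t < this.limits.windowMs); // sliding window
    recent.push(now);
    if (user) this.pendingByUser.set(user, (this.pendingByUser.get(user) || 0) + 1);
    if (recent.length >= this.limits.maxFailures) {
      this.bannedUntil.set(ip, now + this.limits.banMs);
      this.failuresByIp.delete(ip);
      return true;
    }
    this.failuresByIp.set(ip, recent);
    return false;
  }

  // Call on a successful login. Returns the number of failed attempts to
  // show the user in the notification, then resets the counter.
  recordSuccess(user) {
    const count = this.pendingByUser.get(user) || 0;
    this.pendingByUser.delete(user);
    return count;
  }
}
```

The per-account counter is kept separate from the per-IP window, so attempts spread across many source addresses still show up in the user's notification even when no single address is banned.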