Google Authenticator is PAM module, we can use it with SSH for two-factor authentication.
We need to enter secret code each time we want to SSH the server.
Attention: If you activate the google-authenticator for a normal user but not for root you can't login with the root user directly anymore. You will need to login as the new user first, then switch to the super user with the su command to get root.
Before you do anything on your server, install the Google Authenticator application, it is available for Android, iOS and BlackBerry. After this connect to your server and switch to the root user.
For Deb based nix
apt-get install libpam-google-authenticator
libqrencode3 will be installed automatically and will allow you to use the camera of your phone to scan the qr-code directly from the console.
To use the module you have to edit two configuration files.
nano /etc/pam.d/sshd
Add the following line on top of the file:
auth required pam_google_authenticator.so
One more file to edit:
nano /etc/ssh/sshd_config
Find and change the following line:
ChallengeResponseAuthentication yes
Activate the Two-Factor Authentication For a User
google-authenticator
you will get qr-code
Finally restart the SSH server.
/etc/init.d/ssh restart
We need to enter secret code each time we want to SSH the server.
Attention: If you activate the google-authenticator for a normal user but not for root you can't login with the root user directly anymore. You will need to login as the new user first, then switch to the super user with the su command to get root.
Before you do anything on your server, install the Google Authenticator application, it is available for Android, iOS and BlackBerry. After this connect to your server and switch to the root user.
For Deb based nix
apt-get install libpam-google-authenticator
libqrencode3 will be installed automatically and will allow you to use the camera of your phone to scan the qr-code directly from the console.
To use the module you have to edit two configuration files.
nano /etc/pam.d/sshd
Add the following line on top of the file:
auth required pam_google_authenticator.so
One more file to edit:
nano /etc/ssh/sshd_config
Find and change the following line:
ChallengeResponseAuthentication yes
Activate the Two-Factor Authentication For a User
google-authenticator
you will get qr-code
Finally restart the SSH server.
/etc/init.d/ssh restart
No comments:
Post a Comment