Monday, July 6, 2015

Enabling Two Factor Authentication on SSH (Ubuntu)

Step One - Install Dependencies

sudo apt-get install libpam-google-authenticator

Step Two - Edit the Configuration Files

To use the module you have to edit two configuration files.

nano /etc/pam.d/sshd

Add the following line on top of the file:

auth required pam_google_authenticator.so

One more file to edit:

nano /etc/ssh/sshd_config

Find and change the following line:

ChallengeResponseAuthentication yes

Step Three - Open and Configure google-authenticator :

You can activate the google-authenticator for the root user or any other user. Switch to the user who should use the two-factor authentication and type in:
google-authenticator

You will be prompted to answer a few questions; answer the first two questions with yes (y):

Do you want authentication tokens to be time-based (y/n) y
And then copy the private or secret key. Use that secret key in the google authenticator app.
Then try to login using ssh you will be prompted for key. It means that your authentication is working successfully. 

No comments:

Post a Comment