Step One - Install Dependencies
sudo apt-get install libpam-google-authenticator
Step Two - Edit the Configuration Files
To use the module you have to edit two configuration files.
nano /etc/pam.d/sshd
Add the following line on top of the file:
auth required pam_google_authenticator.so
One more file to edit:
nano /etc/ssh/sshd_configFind and change the following line:
ChallengeResponseAuthentication yes
Step Three - Open and Configure google-authenticator :
You can activate the google-authenticator for the root user or any other user. Switch to the user who should use the two-factor authentication and type in:google-authenticator
You will be prompted to answer a few questions; answer the first two questions with yes (y):
Do you want authentication tokens to be time-based (y/n) yAnd then copy the private or secret key. Use that secret key in the google authenticator app.
Then try to login using ssh you will be prompted for key. It means that your authentication is working successfully.
No comments:
Post a Comment