How to Secure SSH with Google Authenticator’s Two-Factor Authentication

SSH access is always critical, and a good Linux administrator will always look for ways to secure it. In this article we will see how to secure SSH with simple two-factor authentication using Google Authenticator. Before using it, you have to integrate SSH with Google Authenticator's one-time password protocol, TOTP. Another restriction is that you must have your Android phone with you all the time, or at least whenever you need SSH access.

First of all, install the Google Authenticator PAM module, which is open source and easy to install, with the following command:

#apt-get install libpam-google-authenticator

This command only installs the PAM module; you still have to enable it for SSH afterwards.

The next step is to create an authentication key with the following command:

#google-authenticator

You have to answer some questions with Y or N. When you are done, the tool will give you emergency scratch codes. Save these somewhere, as they are for use when you have lost your cell phone.

Now enter the secret key in the Google Authenticator application, which is easily available for your Android phone. You now have a constantly changing verification code on your phone.

You can have different keys for different users. 

The next step is to activate Google Authenticator for SSH. To do this, open the PAM configuration file for sshd with the following command:

#vi /etc/pam.d/sshd

Add the following line to the end of the file:

auth required pam_google_authenticator.so

Now open the sshd config file:

#vi /etc/ssh/sshd_config

Make sure the following line is present and not commented out:

ChallengeResponseAuthentication yes

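Last but not least, restart the SSH service with the following command. On Debian and Ubuntu the init script is named /etc/init.d/ssh rather than /etc/init.d/sshd. Keep your current session open until you have confirmed that a new login asks for the verification code.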

#/etc/init.d/sshd restart
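
The following script is an added example, not part of the original tutorial. It checks that the two edits above are actually in effect, including the case where an earlier "no" line in sshd_config overrides an appended "yes". The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify the PAM and sshd_config edits from this tutorial.

# Succeeds if FILE has an active "auth required pam_google_authenticator.so" line.
pam_has_google_auth() {
    awk '$1 ~ /^#/ { next }
         $1 == "auth" && $2 == "required" {
             n = split($3, p, "/")          # module may be given with a path
             if (p[n] == "pam_google_authenticator.so") found = 1
         }
         END { exit (found ? 0 : 1) }' "$1"
}

# Succeeds if the first active ChallengeResponseAuthentication line in the
# global section of FILE says "yes". sshd uses the first value it reads for a
# keyword, so a later "yes" does not override an earlier "no". Keywords are
# case-insensitive. An absent line counts as a failure here.
sshd_challenge_response_on() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "match" { exit }    # global section ends here
         tolower($1) == "challengeresponseauthentication" { val = $2; exit }
         END { exit (val == "yes" ? 0 : 1) }' "$1"
}

# check_ssh_2fa PAM_FILE SSHD_CONFIG: report both checks, fail if either fails.
check_ssh_2fa() {
    rc=0
    if pam_has_google_auth "$1"; then echo "OK   $1: PAM module active"
    else echo "FAIL $1: pam_google_authenticator.so line missing or commented"; rc=1; fi
    if sshd_challenge_response_on "$2"; then echo "OK   $2: ChallengeResponseAuthentication yes"
    else echo "FAIL $2: ChallengeResponseAuthentication is not effectively yes"; rc=1; fi
    return $rc
}

# Constructed sample files (not from a real host) showing a common mistake:
# "yes" is appended while a "no" line above it still wins.
demo=$(mktemp -d)
printf '%s\n' '@include common-auth' 'auth required pam_google_authenticator.so' > "$demo/pam_sshd"
printf '%s\n' 'ChallengeResponseAuthentication no' 'ChallengeResponseAuthentication yes' > "$demo/sshd_config"
check_ssh_2fa "$demo/pam_sshd" "$demo/sshd_config" || echo "fix the FAIL lines, then restart sshd"
rm -rf "$demo"
```

On a real host, run check_ssh_2fa /etc/pam.d/sshd /etc/ssh/sshd_config as root before restarting the service.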

 

Last modified on Monday, 04 May 2015 14:39
Michael Dudli

Cloud Specialist with more than 10 years of experience in the hosting business.

Website: www.cloudserver24.com
