SSH access is always critical and if you are a good Linux administrator then you will always find ways to secure your SSH access. In this article we will see how we can secure SSH with simple two factor of Google authentication. Before using it you have to integrate it with Google Authenticator one time password protocol TOTP. Another restriction is that you must have your android phone with you all the time or at least the time you need SSH access.
First of all we will install open source and easy to install Google Authenticator PAM module by the following command.
#apt-get install libpam-google-authenticator
This command will only enable PAM module and you have to enable SSH access after it.
The next step is to create an authentication key by using the following command
You have to answer some questions by saying Y or N and after you are done with this Google will provide you with emergency scratch codes and save these somewhere as they are for the use when you have lost your cell phone
Now enter the secret key in your newly and easily avaialable Google authenticator application on your android phone and now you have constantly changing verification code on your phone.
You can have different keys for different users.
Next step is to activate SSH for Google authenticator. To do it you have to open a file by following command
Add the following line to the end of the file
auth required pam_google_authenticator.so
now open sshd config file
Add the following line if commented
Then last but not the least restart the service by following command