## Build RPM as per https://github.com/google/google-authenticator-libpam/blob/master/contrib/README.rpm.md
# Do this elsewhere, you don't want dev tools on a box you're trying to secure. ;)
# Also note, the repo has moved, so you need to adjust the git path:
# https://github.com/google/google-authenticator-libpam
sudo yum install epel-release -y
sudo yum install qrencode qrencode-devel qrencode-libs
sudo yum install google-authenticator-1.03-1.el7.centos.x86_64.rpm
google-authenticator #per-user setup
sudo vim /etc/pam.d/sshd
# Add (top item)
# ---
auth sufficient pam_google_authenticator.so
# ---
sudo vim /etc/ssh/sshd_config
# Modify /etc/ssh/sshd_config (Add/change the following)
# ---
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
PasswordAuthentication no
# ---
systemctl restart sshd
Last active
March 13, 2018 03:40
-
-
Save jeffgeiger/6239a6074de3a419437ecb5df23c6f72 to your computer and use it in GitHub Desktop.
Quick and dirty setup guide for Google Auth 2FA on CentOS7
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment