Skip to content

Instantly share code, notes, and snippets.

@leommoore

leommoore/SSH_Two_Factor_Authentication.md

Last active November 9, 2020 18:07
Show Gist options
  • Save leommoore/22699ca0170e8a935931 to your computer and use it in GitHub Desktop.
Save leommoore/22699ca0170e8a935931 to your computer and use it in GitHub Desktop.
Download ZIP
SSH Two Factor Authentication
Raw
SSH_Two_Factor_Authentication.md

SSH Two Factor Authentication

Install ssh server

sudo apt-get install openssh-server

Configure SSH server

First make a backup copy of the original config

sudo cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Then edit the config

sudo nano /etc/ssh/sshd_config

Install Google Authenticator

sudo apt-get update
sudo apt-get install libpam-google-authenticator

google-authenticator

Update the ssh Config

sudo nano /etc/ssh/ssh_config

#Change to yes to enable challenge-response passwords (beware issues with some PAM modules and threads)
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive

#Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

Update the PAM ssh Config

sudo nano /etc/pam.d/sshd

At the top of the file make the following edits

#PAM configuration for the Secure Shell service
auth required pam_google_authenticator.so

#Standard Un*x authentication
#@include common-auth

Restart the ssh daemon (sudo service ssh restart). Check that Google Authentication is generating codes (the code will be labeled with the user and host name the QR code was generated on). When you log in the next time it will ask for the verification code before checking your public key is correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment