Last active
June 20, 2025 14:41
-
-
Save phunanon/ee3a6c95e039ac9acabbec85f3f14f1f to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo apt update | |
| sudo apt install libpam-google-authenticator | |
| # google-authenticator | |
| google-authenticator -t -d -f -r 3 -R 30 -w 3 | |
| sudo cp /etc/pam.d/sshd{,.pre-mfa-bak} | |
| sudo cp /etc/ssh/sshd_config{,.pre-mfa-bak} | |
| printf 'auth required pam_google_authenticator.so nullok\nauth required pam_permit.so\n' | sudo tee -a /etc/pam.d/sshd | |
| sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.pre-mfa-bak | |
| sudo sed -i 's/^#\?\s*KbdInteractiveAuthentication.*/KbdInteractiveAuthentication yes/' /etc/ssh/sshd_config | |
| sudo systemctl restart sshd.service | |
| sudo sed -i '/^AuthenticationMethods /d' /etc/ssh/sshd_config | |
| echo 'AuthenticationMethods password keyboard-interactive' | sudo tee -a /etc/ssh/sshd_config | |
| sudo systemctl restart sshd.service | |
| #https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04 | |
| #https://www.redhat.com/en/blog/mfa-linux | |
| #https://www.supertechcrew.com/multifactor-two-authentication-mfa-ssh-shell-login/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment