![]() Now, save the changes and exit the editor. This setting tells the SSH engine to expect an authentication code instead of accepting a username and password. Next, modify the sshd_config file with the following command: $ sudo nano /etc/ssh/sshd_configĪbout half-way into the file, you need to update a setting, ChallengeResponseAuthentication, from no to yes. ![]() Save the updated file and exit the editor. Scroll down to the end of the sshd_config file and add the following line of text: auth required pam_google_authenticator.so Use your preferred editor toĮdit the necessary file by running the following command: $ sudo nano /etc/pam.d/sshd Validating theĪuthentication is based on Time-Based One-Time Password (TOTP), an open standard that rotates secure tokens in discrete time blocks - everyįirst, authenticate to your Linux VM with administrative (sudo) permissions, then run the following command: $ sudo apt install libpam-google-authenticatorĪfter installing PAM, you need to update several settings to the sshd daemon running on the Linux machine. To provide the 2FA mechanism for this Linux machine, you must install Google Pluggable Authentication Module (PAM). Preconfigured Google Authenticator app on iOS or Android mobile.SSH server running on the Linux machine.Administrative (sudo) access to a running Linux machine - for example, Ubuntu 20.04 or similar.To follow along, ensure you’ve met the following prerequisites: ![]() We’ll use nano as our editor in examples. This tutorial guides you through setting up Google Authenticator PAM to enable SSH 2FA for users connecting to a Linux server. This approach forces an administrator to self-identify with an additional security verification in addition to the local admin credentials. One way to enhance SSH login security is by using two-factor authentication (2FA). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |