2-Factor Authentication for SSH access in Linux
HTML-код
- Опубликовано: 2 окт 2024
- To enable two-factor authentication (2FA) using Google Authenticator for SSH in Linux, you'll need to follow these general steps:
Install Google Authenticator: If you haven't installed Google Authenticator on your Linux system, you can typically do so by using your package manager. For example, on Ubuntu or Debian-based systems, you can run the following command:
sudo apt install libpam-google-authenticator
Generate the Google Authenticator secret key: Switch to the user account that will use Google Authenticator for SSH authentication. In a terminal, run the following command:
google-authenticator
Follow the prompts to configure Google Authenticator for your user account. You'll be asked a series of questions to set up the 2FA settings. It will include generating a QR code and secret key for your account.
Scan the QR code: If you have a QR code scanner on your mobile device, use it to scan the QR code generated by google-authenticator. If you don't have a scanner, you can manually enter the secret key into the Google Authenticator app.
Back up your secret key: Make sure to store a backup of your secret key in a secure location. This will allow you to recover your Google Authenticator setup if you lose your device or need to set it up on another device.
Configure SSH: Open the SSH configuration file for editing. The file location can vary depending on your Linux distribution, but it is commonly found at /etc/ssh/sshd_config. Use your preferred text editor to open the file with root privileges:
sudo nano /etc/pam.d/sshd
Add the below line at the end of above file.
auth required pam_google_authenticator.so
Restart the SSH service: After configuring Google Authenticator, restart the SSH service to apply the changes:
sudo service ssh restart
Next edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Change No to Yes for the following line
KbdInteractiveAuthentication yes
Restart SSH server:
Restart the service of ssh by the following command:
sudo systemctl restart sshd.service
That's it! You have now enabled 2FA using Google Authenticator for SSH in Linux. From now on, when you connect to SSH, you will be prompted to enter the verification code provided by the Google Authenticator app in addition to your regular password.
#linux
#linuxgaming
#linux_tutorial
#linuxnetwork
Bro in my Amazon ec2 bar code not showing please suggest anything
How can the same methodology be applied to smb.conf?
Very Good Information.
So nice of you
Thank you very much for the precise and straightforward explanation of the concept. It worked like a charm.
Thanks 👍 for your comments... please share with others
Can we just run "sudo systemctl start sshd" one time instead of run restart ssh and sshd respectively?
I recommend you to do the sudo systemctl restart sshd.service one time