2 Factor Authentication for Linux: Difference between revisions
From KlavoWiki
Jump to navigationJump to search
No edit summary |
No edit summary |
||
(2 intermediate revisions by the same user not shown) | |||
Line 13: | Line 13: | ||
'''Note''': You will need to edit the build and change the kernel from x686 and x386 to all | '''Note''': You will need to edit the build and change the kernel from x686 and x386 to all | ||
= Raspbian = | |||
The following enforces 2 factor authentication for SSH log-on's and not for the console. | |||
<pre> | |||
apt-get install libpam-google-authenticator | |||
</pre> | |||
== sshd_config == | |||
<pre> | |||
vi /etc/ssh/sshd_config | |||
</pre> | |||
<pre> | |||
ChallengeResponseAuthentication yes | |||
</pre> | |||
== sshd == | |||
<pre> | |||
vi /etc/pam.d/sshd | |||
</pre> | |||
add the following line to line number 15 | |||
<pre> | |||
auth required pam_google_authenticator.so | |||
</pre> | |||
You can add the line to line position number 9 if you prefer the auth code asked before the password. | |||
== google-authenticator == | |||
Run google authenticator to setup authentication. | |||
<pre> | |||
google-authenticator | |||
</pre> | |||
== ssh == | |||
Restart ssh service to enable new settings | |||
<pre> | |||
service ssh restart | |||
</pre> | |||
[[Category : Linux]] | [[Category : Linux]] |
Latest revision as of 03:11, 5 September 2017
Arch Linux
I'll do up a more detailed document but I followed these instruction
https://wiki.archlinux.org/index.php/Google_Authenticator
Install yaourt if not already installed.
pacman -S yaourt
yaourt -S google-authenticator-libpam-git
Note: You will need to edit the build and change the kernel from x686 and x386 to all
Raspbian
The following enforces 2 factor authentication for SSH log-on's and not for the console.
apt-get install libpam-google-authenticator
sshd_config
vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
sshd
vi /etc/pam.d/sshd
add the following line to line number 15
auth required pam_google_authenticator.so
You can add the line to line position number 9 if you prefer the auth code asked before the password.
google-authenticator
Run google authenticator to setup authentication.
google-authenticator
ssh
Restart ssh service to enable new settings
service ssh restart