2 Factor Authentication for Linux: Difference between revisions

From KlavoWiki
Jump to navigationJump to search
No edit summary
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 13: Line 13:


'''Note''': You will need to edit the build and change the kernel from x686 and x386 to all
'''Note''': You will need to edit the build and change the kernel from x686 and x386 to all
= Raspbian =
The following enforces 2 factor authentication for SSH log-on's and not for the console.
<pre>
apt-get install libpam-google-authenticator
</pre>
== sshd_config ==
<pre>
vi /etc/ssh/sshd_config
</pre>
<pre>
ChallengeResponseAuthentication yes
</pre>
== sshd ==
<pre>
vi /etc/pam.d/sshd
</pre>
add the following line to line number 15
<pre>
auth      required    pam_google_authenticator.so
</pre>
You can add the line to line position number 9 if you prefer the auth code asked before the password.
== google-authenticator ==
Run google authenticator to setup authentication.
<pre>
google-authenticator
</pre>
== ssh ==
Restart ssh service to enable new settings
<pre>
service ssh restart
</pre>
[[Category : Linux]]
[[Category : Linux]]

Latest revision as of 03:11, 5 September 2017

Arch Linux

I'll do up a more detailed document but I followed these instruction
https://wiki.archlinux.org/index.php/Google_Authenticator

Install yaourt if not already installed.

pacman -S yaourt
yaourt -S google-authenticator-libpam-git

Note: You will need to edit the build and change the kernel from x686 and x386 to all

Raspbian

The following enforces 2 factor authentication for SSH log-on's and not for the console.

apt-get install libpam-google-authenticator

sshd_config

vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes

sshd

vi /etc/pam.d/sshd

add the following line to line number 15

auth       required     pam_google_authenticator.so

You can add the line to line position number 9 if you prefer the auth code asked before the password.

google-authenticator

Run google authenticator to setup authentication.

google-authenticator

ssh

Restart ssh service to enable new settings

service ssh restart