2 Factor Authentication for Linux: Difference between revisions

From KlavoWiki
Jump to navigationJump to search
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 24: Line 24:
vi /etc/ssh/sshd_config
vi /etc/ssh/sshd_config
</pre>
</pre>
on line 48 change ChallengeResponseAuthentication to yes.
 
<pre>
<pre>
ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes
Line 40: Line 40:


You can add the line to line position number 9 if you prefer the auth code asked before the password.
You can add the line to line position number 9 if you prefer the auth code asked before the password.
== google-authenticator ==
Run google authenticator to setup authentication.
<pre>
google-authenticator
</pre>
== ssh ==
Restart ssh service to enable new settings
<pre>
service ssh restart
</pre>
[[Category : Linux]]
[[Category : Linux]]

Latest revision as of 03:11, 5 September 2017

Arch Linux

I'll do up a more detailed document but I followed these instruction
https://wiki.archlinux.org/index.php/Google_Authenticator

Install yaourt if not already installed.

pacman -S yaourt
yaourt -S google-authenticator-libpam-git

Note: You will need to edit the build and change the kernel from x686 and x386 to all

Raspbian

The following enforces 2 factor authentication for SSH log-on's and not for the console.

apt-get install libpam-google-authenticator

sshd_config

vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes

sshd

vi /etc/pam.d/sshd

add the following line to line number 15

auth       required     pam_google_authenticator.so

You can add the line to line position number 9 if you prefer the auth code asked before the password.

google-authenticator

Run google authenticator to setup authentication.

google-authenticator

ssh

Restart ssh service to enable new settings

service ssh restart