The point is, you have to install PAM library from google and activate the feature in PAM and in the sshd configuration. On your phone, install FreeOTP app from F-Droid or Google Play to scan the QR code and that's it!
Lets get started with the configuration:
# install the libpam library apt-get install libpam-google-authenticator
# edit the pam file for sshd and add at the end
vi /etc/pam.d/sshd
auth required pam_google_authenticator.so
# now alter the sshd configuration and change the following
vi /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
# restart sshd # once you have restarted, switch to the user you # want to login via ssh and generate your key su - <USER> google-authenticator
# you can print backup codes from file ~/.google_authenticator # (in case you won't be able to use your phone to login)NOTE: this post is for debian based linux (in my case Raspbian). But you can use it on whatever distro you are using, you just have to install libpam-google-authenticator package...
No comments:
Post a Comment