Index ¦ Archives ¦ Atom

Multi-Factor Auth with google-atuhenticator

To harden the security on my SSH-server at home I enabled Multi-Factor Authentication with Google Authenticator

make sure you don't lock yourself out of the system if you do this through an SSH connection

sudo zypper in google-authenticator-libpam

add the to the /etc/pam.d/sshd

auth        required nullok
auth        requisite
auth        include     common-auth
account     requisite
account     include     common-account
password    include     common-password
session     required
session     include     common-session
session     optional   silent noupdate showfailed
session     optional   force revoke

as your user, run the google-authenticator

google-authenticator \
  --time-based \
  --disallow-reuse \
  --qr-mode=UTF8 \
  --window-size=3 \
  --rate-limit=3 \
  --rate-time=30 \

Add the the secret key (first line in ~/.google_authenticator) to your Google Authenticator app on your phone

make sure ChallengeResponseAuthentication is set to yes in /etc/ssh/sshd_config

ChallengeResponseAuthentication yes

restart the ssh-server

sudo systemctl restart sshd

Now, you should just be automaticly logged in if you have configured ssh-keys, if not you'll be prompted for a verification key before entering your password

© Jonas Forsberg. Built using Pelican. Theme by Giulio Fidente on github.